Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEC09C2EECA62A98C274BF7BD3127B39C979C67FE158219BDAF7D613A1B296F39
HistoryMar 04, 2019 - 5:55 a.m.

Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM

2019-03-0405:55:02
www.ibm.com
20

EPSS

0.009

Percentile

83.1%

JSON

Summary

PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for CHM decompression. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147666&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-14681 DESCRIPTION: libmspack could allow a remote attacker to overwrite arbitrary files, caused by an error in the kwajd_read_headers function in mspack/kwajd.c in libmspack. An attacker could exploit this vulnerability using bad KWAJ file header extensions to cause a one or two byte overwrite.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147669&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-14680 DESCRIPTION: An unspecified error in libmspack related to the failure to reject blank CHM filenames has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147668&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-14679 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number validity checks in mspack/chmd.c. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147667&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Related

debian 3
openvas 35
nessus 42
ubuntu 4
redhat 2
osv 7
oraclelinux 2
centos 1
amazon 2
fedora 11
suse 5
freebsd 1
altlinux 3
mageia 1
photon 8
gentoo 1
ibm 2
redhatcve 4
cvelist 4
cve 4
alpinelinux 4
nvd 4
debiancve 4
prion 4
ubuntucve 4
veracode 3
debian
debian
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
[SECURITY] [DLA-1460-1] libmspack security update
2018-08-06 09:20:01
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
openvas
openvas
Huawei EulerOS: Security Advisory for libmspack (EulerOS-SA-2018-1435)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3728-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for libmspack (EulerOS-SA-2018-1436)
2020-01-23 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : libmspack (EulerOS-SA-2018-1435)
2018-12-28 00:00:00
Amazon Linux 2 : libmspack (ALAS-2019-1152)
2019-01-25 00:00:00
Debian DLA-1460-1 : libmspack security update
2018-08-07 00:00:00
ubuntu
ubuntu
libmspack vulnerabilities
2018-08-01 00:00:00
ClamAV vulnerabilities
2018-08-01 00:00:00
ClamAV vulnerabilities
2018-08-02 00:00:00
redhat
redhat
(RHSA-2018:3327) Low: libmspack security update
2018-10-30 04:43:45
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
2018-11-06 15:39:03
osv
osv
libmspack - security update
2018-08-06 00:00:00
libmspack - security update
2018-08-02 00:00:00
CVE-2018-14681
2018-07-28 23:29:00
oraclelinux
oraclelinux
libmspack security update
2018-11-05 00:00:00
libmspack security and bug fix update
2020-05-05 00:00:00
centos
centos
libmspack security update
2018-11-15 18:48:49
amazon
amazon
Low: libmspack
2019-01-23 23:27:00
Low: clamav
2019-01-09 22:56:00
fedora
fedora
[SECURITY] Fedora 28 Update: clamav-0.100.2-2.fc28
2018-10-09 03:10:28
[SECURITY] Fedora 29 Update: clamav-0.100.2-2.fc29
2018-10-30 17:40:56
[SECURITY] Fedora 28 Update: libmspack-0.9.1-0.1.alpha.fc28
2018-11-13 02:28:31
suse
suse
Security update for libmspack (moderate)
2021-08-26 00:00:00
Security update for libmspack (moderate)
2021-08-20 00:00:00
Security update for clamav (moderate)
2018-10-27 00:15:36
freebsd
freebsd
clamav -- multiple vulnerabilities
2018-10-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
mageia
mageia
Updated libmspack/cabextract packages fix security vulnerabilities
2018-11-18 01:23:26
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0196
2018-11-15 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0196
2018-11-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0110
2018-11-21 00:00:00
gentoo
gentoo
cabextract, libmspack: Multiple vulnerabilities
2019-03-28 00:00:00
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801r
2018-10-26 21:10:01
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
2019-01-28 17:05:01
redhatcve
redhatcve
CVE-2018-14679
2019-10-10 16:21:49
CVE-2018-14681
2018-08-01 15:19:34
CVE-2018-14680
2018-08-01 16:50:01
cvelist
cvelist
CVE-2018-14679
2018-07-28 23:00:00
CVE-2018-14682
2018-07-28 23:00:00
CVE-2018-14681
2018-07-28 23:00:00
cve
cve
CVE-2018-14679
2018-07-28 23:29:00
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
alpinelinux
alpinelinux
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14679
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
nvd
nvd
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14679
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
debiancve
debiancve
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
CVE-2018-14679
2018-07-28 23:29:00
prion
prion
Design/Logic Flaw
2018-07-28 23:29:00
Design/Logic Flaw
2018-07-28 23:29:00
Design/Logic Flaw
2018-07-28 23:29:00
ubuntucve
ubuntucve
CVE-2018-14681
2018-07-28 00:00:00
CVE-2018-14680
2018-07-28 00:00:00
CVE-2018-14679
2018-07-28 00:00:00
veracode
veracode
Memory Corruption
2019-05-16 03:19:23
Denial Of Service (DoS)
2019-05-16 03:19:22
Memory Corruption
2019-05-16 03:19:23

EPSS

0.009

Percentile

83.1%

JSON
Related for EC09C2EECA62A98C274BF7BD3127B39C979C67FE158219BDAF7D613A1B296F39
debian3openvas35nessus42ubuntu4redhat2osv7oraclelinux2centos1amazon2fedora11suse5freebsd1altlinux3mageia1photon8gentoo1ibm2redhatcve4cvelist4cve4alpinelinux4nvd4debiancve4prion4ubuntucve4veracode3