Oracle Linux 7 : gcab (ELSA-2018-0350)
Medium Nessus Plugin ID 107015
Synopsis
The remote Oracle Linux host is missing one or more security updates.
Description
From Red Hat Security Advisory 2018:0350:
An update for gcab is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The gcab package contains a utility for managing Cabinet archives.
It can list, extract, and create Microsoft cabinet (.cab) files.
Security Fix(es):
* gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution (CVE-2018-5345)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected gcab packages.