drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in gcab
Name: |
Denial of Service in gcab |
|
ID: |
USN-3546-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 17.10 |
|
Datum: |
Mi, 24. Januar 2018, 22:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5345 |
|
Applikationen: |
gcab |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6355335367432514571== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OF4Lho6rVhV0PJCjjNPsayJk6EuEwMwcL"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OF4Lho6rVhV0PJCjjNPsayJk6EuEwMwcL Content-Type: multipart/mixed; boundary="QnQjTBxhrjYCBsEj8JLdh53OKqQ0HdN8N"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <476f86f2-60ed-84b5-d748-26f644195809@canonical.com> Subject: [USN-3546-1] gcab vulnerability
--QnQjTBxhrjYCBsEj8JLdh53OKqQ0HdN8N Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3546-1 January 24, 2018
gcab vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10 - Ubuntu 16.04 LTS
Summary:
gcab could be made to crash or run programs if it opened a specially crafted file.
Software Description: - gcab: Microsoft Cabinet file manipulation tool
Details:
Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: gcab 0.7-4ubuntu0.1 libgcab-1.0-0 0.7-4ubuntu0.1
Ubuntu 16.04 LTS: gcab 0.7-1ubuntu0.1 libgcab-1.0-0 0.7-1ubuntu0.1
After a standard system update you need to restart your session to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3546-1 CVE-2018-5345
Package Information: https://launchpad.net/ubuntu/+source/gcab/0.7-4ubuntu0.1 https://launchpad.net/ubuntu/+source/gcab/0.7-1ubuntu0.1
--QnQjTBxhrjYCBsEj8JLdh53OKqQ0HdN8N--
--OF4Lho6rVhV0PJCjjNPsayJk6EuEwMwcL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJaaOQtAAoJEGVp2FWnRL6TulsP/iY91W7QfKhPAW86sxDd+H4u RsJqFILzZizl2yPLus3F1Pfgy2XIHVbbcKd+/jFofHK4pxHTZfTOkRiDu2AA1ire sbC99pWruVbmPrRaqbh9AV5C5J2ubD4Zj07SZ9sG4XaDIK9AXbJNP5E7lOKQXAD8 1Mr5qs87SXZiC8qMafcL8zC7xkSqB9T9WSQNM3goqoFGfT7SFOGYW1+xspmy7/v3 QvZfdtXDNnhYKQiPoB9D6LvENQIIYKrM9EAIEbYaQngAm+mtR258CN6FjmmJeCz/ pSrUG4aUs3I1QhadTjthoNi4hpU9e0+ule9X8xX7+TGF+aR4XofYCUPWJNz1daaW lc5e7Ip/w6567EqRU5WFULbARusDnuBsBCdc8uhE6645YJOcIMc0X6QOPf2/9ckQ eEr7Btc/nHOc7CLkvJF1gJ60K+McVmgEybCdZXJC7RgBD3lEYRc7+ibuZ4wdBOFG tl44q719BEHoxT0jew7HhcnFy0PPkkvztmnFdjyn5TObbIn8f1VFoHR9Czn46yjI Xls7572tC1gJJFCH2nRT6ueNI8Pt19M/wPCTYcteHuahPDGsbUb+XJ+L2hT8jcfo j4fgWkaswhNyCc8xWcyIJN3riEqdpN9Sdto5B6kckLXLPXOvKTSeY3wpxGC2paiZ kzM58RVH7oOW69galZh+ =Ygtn -----END PGP SIGNATURE-----
--OF4Lho6rVhV0PJCjjNPsayJk6EuEwMwcL--
--===============6355335367432514571== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6355335367432514571==--
|
|
|
|