Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in DjVuLibre
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in DjVuLibre
ID: USN-4957-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04
Datum: Mo, 17. Mai 2021, 22:33
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32493
Applikationen: DjVuLibre

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8941604116452029725==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93
Content-Type: multipart/mixed;
boundary="PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <1d26457e-e6e5-a617-55b8-f9d5221124ee@canonical.com>
Subject: [USN-4957-1] DjVuLibre vulnerabilities

--PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4957-1
May 17, 2021

djvulibre vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in DjVuLibre.

Software Description:
- djvulibre: DjVu image format library and tools

Details:

It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to hang or crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
libdjvulibre21 3.5.28-1ubuntu0.1

Ubuntu 20.10:
libdjvulibre21 3.5.27.1-15ubuntu0.1

Ubuntu 20.04 LTS:
libdjvulibre21 3.5.27.1-14ubuntu0.1

Ubuntu 18.04 LTS:
libdjvulibre21 3.5.27.1-8ubuntu0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4957-1
CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493,
CVE-2021-3500

Package Information:
https://launchpad.net/ubuntu/+source/djvulibre/3.5.28-1ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-15ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-14ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-8ubuntu0.3


--PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT--

--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmCis8UACgkQZWnYVadE
vpMxwQ//c7PI4ZIcBZMclGcpFqlgmH875A2kHwGidWjwwRqeFnXlX74zFr/99eNW
/MBolY2b52IOWidlxD2XnuhHXmadO0+ZzxPLC0+dck8IsK0fiNIJkIAWI/lBxpih
jyXAQ9joulqP6X3BjkF4up4Yry5vgEFqfzH5Ek/ZY1J57fiGrSL0xGtsZxCxgaiR
5fnVR5XLKzlv+4RrMRDSyO9a9CC+W5bVAgJ33EHDENK3a6+rl0ewhve8ZerYVzGp
AkYxlcPO+sYM3lO6nf98E4c9TFze24v0pztsWuclPdGB5yj/7STsAhGZSWCXTllK
M0G4LTaIL1ExKg9uaTR+b6jEBORJHnSrG/796RkDLkt4l1R5yj+b7NkCa90F/Qwn
IrdpEpoGnMjJeR6jmGSHATZZdyC0FSlB3zhbexP54a3NEqtOW3KCi9y+Ax9Wf12s
0zOJvejINzloatNix2ot/sUYUu7fCEKZ08+3ow7llf7ZBri10vmVvQAU34zUU4mR
5nHLK62/pHg8CClAItxPJMQLqZKiiK0IREXFRdjDNYYOp91IYRG+dxxZONN4C3sJ
ZMjJXCloZJHJVPcyAevsyKnziA9WCFP+rochh8QWvdFxGwPTPFKX2lXUcbcgM/B0
JBeRitJFNY8EJx50i8kVumtF1vfthc3KwB6PrI/muf9v0ivc3HQ=
=/4Gf
-----END PGP SIGNATURE-----

--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93--


--===============8941604116452029725==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============8941604116452029725==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung