Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in DOSBox
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in DOSBox
ID: USN-5356-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS
Datum: So, 10. April 2022, 11:33
Referenzen: https://ubuntu.com/security/notices/USN-5356-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7165
https://launchpad.net/ubuntu/+source/dosbox/0.74-4.3ubuntu0.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12594
Applikationen: DOSBox

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8472599758107069280==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------Al5bT0eJmy54AOY0tq8snvtT"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Al5bT0eJmy54AOY0tq8snvtT
Content-Type: multipart/mixed;
 boundary="------------70VSk0I8H0xR0snL2BphqDVR";
 protected-headers="v1"
From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <996d9a16-154c-8534-9eb4-e76bf935136b@canonical.com>
Subject: [USN-5356-1] DOSBox vulnerabilities
References: <20220330154843.23C8126C26FF@lillypilly.canonical.com>
In-Reply-To: <20220330154843.23C8126C26FF@lillypilly.canonical.com>

--------------70VSk0I8H0xR0snL2BphqDVR
Content-Type: multipart/mixed;
 boundary="------------TjY0NyAcowbkMk03HQGQRPPC"

--------------TjY0NyAcowbkMk03HQGQRPPC
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================

Ubuntu Security Notice USN-5356-1
March 30, 2022

dosbox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in DOSBox.

Software Description:
- dosbox: An Open Source DOS emulator to run old DOS games.

Details:

Alexandre Bartel discovered that DOSBox incorrectly handled
long lines in certain files. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2019-7165)

Alexandre Bartel discovered that DOSBox incorrectly performed
access control over certain directories. An attacker could
possibly use this issue to execute arbitrary code.
(CVE-2019-12594)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
dosbox 0.74-4.3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5356-1
CVE-2019-12594, CVE-2019-7165

Package Information:
https://launchpad.net/ubuntu/+source/dosbox/0.74-4.3ubuntu0.1
--------------TjY0NyAcowbkMk03HQGQRPPC
Content-Type: application/pgp-keys;
 name="OpenPGP_0x196D412138F33F64.asc"
Content-Disposition: attachment;
 filename="OpenPGP_0x196D412138F33F64.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh
X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU
sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55
KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T
PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f
7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl
v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF
Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm
BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp
ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm
zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC
AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT
TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP
+NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl
GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL
X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU
x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC
ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J
k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj
GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T
x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs
Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF
63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz
zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3
5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3
MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe
1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg
EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK
ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh
OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP
b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj
jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap
/RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF
sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn
c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX
VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND
w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK
7/zNmhJ06VU=3D
=3DJWgW
-----END PGP PUBLIC KEY BLOCK-----

--------------TjY0NyAcowbkMk03HQGQRPPC--

--------------70VSk0I8H0xR0snL2BphqDVR--

--------------Al5bT0eJmy54AOY0tq8snvtT
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmJFViAFAwAAAAAACgkQGW1BITjzP2Tw
GQwAtyqF3Aa2EywaaHR+oPleJwSjHkJOaJgO3Fvw1dGVaq1+4UPNY4mas7WfIRODoRTvNPBHVNoD
NgNQAaRdUJdQI2ctvumKfvYtKJEW208St6gLR9MElP2n5kIpWf/xxjA+nezCPPB9jxS/H5iZRXWl
J+FGxypXoZxs3+CeXYfMKTpheLp6TqF/hxgNlOXXhNck0IAg46TkmxuQuR6ZzxOBAo/aYQiBnSDx
TwjUeHIA5COLSATuwSG9t4VpLM3SW8B+FudPVuCFoRTOOQEmxqGX0zHDT5VM5pm2ruNRObsTyUja
x4kQFxJt2F6+j+o4e5fmg0OFyp+jtwCoCFYf2BBmd9fzsxZ38NWLDq6wGvmjiUs+8w8uFL9BICN3
marySu5vjmOq/RDVdZKU4YlpPYQUVjsl0p7m8q0QoycKzw9Lhu/zsRTglvy2mApvEero56isnbCJ
O423plsqLUBDIhQNKhWxHbnY6Dip3BllIr5et4u/jpU2PmO+Mwwc1p6xyErP
=/fg4
-----END PGP SIGNATURE-----

--------------Al5bT0eJmy54AOY0tq8snvtT--


--===============8472599758107069280==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============8472599758107069280==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung