Security: Multiple issues in Libcroco

Name: Multiple issues in Libcroco
ID: USN-5389-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 ESM
Date: Tue, 26 April 2022, 22:16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8834
https://ubuntu.com/security/notices/USN-5389-1
Applications: Libcroco

Original message
From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <284191b4-c5fe-dbdc-92e5-20284a8ea8dc@canonical.com>
Subject: [USN-5389-1] Libcroco vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5389-1
April 26, 2022

libcroco vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Libcroco.
Software Description:
- libcroco: Cascading Style Sheet (CSS) parsing and manipulation toolkit
Details:
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-7960)
It was discovered that Libcroco was incorrectly handling invalid UTF-8 values when processing CSS files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-8834, CVE-2017-8871)
It was discovered that Libcroco was incorrectly implementing recursion in one of its parsing functions, which could cause an infinite recursion loop and a stack overflow due to stack consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-12825)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  libcroco-tools 0.6.11-1ubuntu0.1~esm1
  libcroco3 0.6.11-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-5389-1
  CVE-2017-7960, CVE-2017-8834, CVE-2017-8871, CVE-2020-12825