drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in jbig2dec
Name: |
Zwei Probleme in jbig2dec |
|
ID: |
USN-5405-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 ESM |
|
Datum: |
Fr, 6. Mai 2022, 06:07 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216 |
|
Applikationen: |
jbig2dec |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5811427551962333732== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------9k4RDU7fYaCf5dlkp602a5Vo"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------9k4RDU7fYaCf5dlkp602a5Vo Content-Type: multipart/mixed; boundary="------------A0g0MjMzlHPP0vwsrynB2Fbt"; protected-headers="v1" From: Ian Constantin <ian.constantin@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <cc992b71-b56f-dbfe-8890-9a16cbe4813c@canonical.com> Subject: [USN-5405-1] jbig2dec vulnerabilities
--------------A0g0MjMzlHPP0vwsrynB2Fbt Content-Type: multipart/mixed; boundary="------------ltsz90HhlgwwELyIp3yrF1tl"
--------------ltsz90HhlgwwELyIp3yrF1tl Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5405-1 May 05, 2022
jbig2dec vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in jbig2dec.
Software Description: - jbig2dec: JBIG2 decoder library
Details:
It was discovered that jbig2dec incorrectly handled memory when parsing invalid files. An attacker could use this issue to cause jbig2dec to crash, leading to a denial of service. (CVE-2017-9216)
It was discovered that jbig2dec incorrectly handled memory when processing untrusted input. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2020-12268)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: jbig2dec 0.12+20150918-1ubuntu0.1+esm2 libjbig2dec0 0.12+20150918-1ubuntu0.1+esm2
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5405-1 CVE-2017-9216, CVE-2020-12268 --------------ltsz90HhlgwwELyIp3yrF1tl Content-Type: application/pgp-keys; name="OpenPGP_0x6B5F8F2FE775FC48.asc" Content-Disposition: attachment; filename="OpenPGP_0x6B5F8F2FE775FC48.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGFaURQBDADEy91TinXYUHMtIiD17R9GWDIHaLx1X7AJVMkDJTqEbpHHvzt+ Xc7woGRyT3WwD3GO7zgZAXY5uyjpyD3JIdHhEem5Qo0HObcXGWmJrkT7tZuxyswn 6D/DxWFXT02FuA0OtUeTw5s/bhrjZksDy1fo/fCatyXYHb6xiRNRkCDMUNr4Ft+G rNxbFuZ23bl/ilk2j39r/VHOzgLY4HaVseuvZNcglMdb6Uv7+eujskrJiJ/qytIN Iv6w5ErG0EzYTYFAUQJPHsINTfw+F/8h2mR1DWTbr2YSyEF3IaEkD+VwyeLNq+nQ 8D9QXltIwurykshNlgbRxHeqK03F2IbWe0SpgTmgJg2McfM4Q08t4WQL3vFsYgVx NjUwjQ7My7aq3lwx75HNFHwFCIrHrlpagXl95ofYV+PAOUHfyt09PwR/QWe/jx/J jbl+HzRUELtIZQddo3+nJzcQwjSIHvRIS9/PyP2T8+ca+jpQw5N1NPdXVi+95vuu UqTlv4z53hRzgPMAEQEAAc0tSWFuIENvbnN0YW50aW4gPGlhbi5jb25zdGFudGlu QGNhbm9uaWNhbC5jb20+wsEUBBMBCgA+FiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgF AmFoOakCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQa1+PL+d1 /Eh6kQv/QEirzB3/yYGAOebonEueqtiI85bOfbPakjWE3kEUIpK62bpE1JjS6tld qc9ms+S/WrGNmHHofn+Ielz7NSl1fhXjjT+2EFzy8k10H9NZKa3MOJvxpkPB12u+ 4F/be9e1NWK4O3jCzX/BrrLh4gqCX8QTYqe+1rRIxWe2wWRRx8v5afdpmsn/BSgF fVSJkrbXzJSdiBaLEDcVDJUC9r2u9RLIz8oSlOWw9Cl8Zvo67ZB0pFRjyJfRYNPO FBaez6vCA/wSmtTUI4RK+ulsNY7SitNDsRe4FgebBvVNIOg7b3G5sYMwpbm0gqTu 1lLKJFJrPf8AwPuNV4b1n9or0+j/7YeSiB3L4JCTFu5Assu5WIAWduQ3eUKGqWQT f2R52O6hbLCVkYISWnq5kStYEF0BpRHZGAhPceA3GEw70rq+CNVeIQEBkGY7ICLO vgmwrxr+J7VXVamQoT07yqkhH2kNw+1pngArk5tU4Jamw61nFKS8a6nL/UJrx7Cq YJ0bopQhzsDNBGFaURQBDACrKH35R6CbP9L3yg85xGZmsh2ZwpBCZo7YZLL6YzBk rFcyaNv5TJsvd3pDF4JvgrNEt5oL45dpiqkrzPjSxfk7MV5ZLQbnBeMFeyNY9hi5 HhLGciTZ2gv8KgTk3uX3vwrwn+HQs993zxSFJZIppbEPGpXkA8GXg7ZLWAKrO2MB lTLnBydQ+c9MetN3VtWXY60qlWKtpp5o821Rh75mqZRZbxSDU4QTCXdl26EY8/Yo 9Hn2u9nFDvB94EZQ62lHu8uah32y90lDdCqbrJx8F70ZJmhqRyLTtMEJfol349Zs zwOkK/jyDrOBsgY8I410DTj0jhqBRS+nF8t8+UkYzpzT8D+sIWgiD3fwvb6Z5X4W 70zn/clnOInGxay6cwf6RA2Bvl7I7m43SoLCL8wsmB1/FLiW+ByL6A4FzHcMw+Nb 2hxbHJCc5fdJblFdkuAV47CUCs9iH8QLcFK9bDJi45V86EYzJzFkQsAHWpq0KqSH AOUVk33VTVOk7kVoyTlF5n8AEQEAAcLA/AQYAQoAJhYhBHMXb+IAghPFvZ67eWtf jy/ndfxIBQJhWlEUAhsMBQkDwmcAAAoJEGtfjy/ndfxIePEMAMIyupD/2A+HHB1W KpgDq3w0pmJCfzxtGAB6V6CvZ/Ppy5v6FTY99fIV36rRD3gbdD75qEKaEHZI2phx ESmZ3zYbMQDKKBj94UTrpufpDTn3QKIqBNz5ZawrZs9XVs8ilpIj5Weearle52Us 6KUxL7dDXe3ZU48788o4gnQ1fb6UKLCTCAf2o+eOlX+v9PD5dZKN2epfa7UF/+ZL SGrxqj5VpXoembsO34DhjMpVTj7io1PIIv2lBJs73+lPFnudGNWuFp5EFddc7Ns9 Fjlr41CPwKF7HrHiML1+Fg8fc52UXoXbfC7ov1NAY19rJtmfyIsThRHpLfdJCoGU j+rQi/h/Pra9+R+SOebgpcb3IUUOzL/qQk4LYd6t4HZmMuNALI8nryrS/BPopLRB 2ll2rztAUVvIkBi27+tDVhodsxwn+Qd6krMTsDt/9joHtTYE/sU6JRX2LKIB9Xxw c3BVMz+rWGZ4nShuCigqLjVEkckop9peeUR2Z+vdPh2TFOgHCA=3D=3D =3DCoJZ -----END PGP PUBLIC KEY BLOCK-----
--------------ltsz90HhlgwwELyIp3yrF1tl--
--------------A0g0MjMzlHPP0vwsrynB2Fbt--
--------------9k4RDU7fYaCf5dlkp602a5Vo Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmJ0W1YACgkQa1+PL+d1 /EhKwQv9He1freG1qSovaRTD9cEsRM+33EDY0UEsPyVdNgXvqWGN8Z4ujGsGCNs4 QpANusYsM+s44kGrAaLS0o0X4YTOpNFEcB3PBsm3r2y2xVGnxP4cJ8YO8mlpmtT9 HCf+4l1CurOPK3Hq6hO80KTzWWykg0G6k7t8MzYHRjnl1xgvMc6bUmrlT8ZuHghF Aobl3F24bHHWuoBYpgS8+sRJClFx4s3/zcIIMiMH2MEHNZOJh2DrOxrtfJcyAjHm 0urHUhCH99+Kr82J3sDRKONV7KjaPxmGKg7lAO2T40veWDbvPmKog+nhBrgn42nR RMNeihKxD+pOY/Hsf86MlEPoqyr8aahS/CHopOdnlH0NPNsfEOvDNd5JVsCQmIOV CiARH5Iz9NuTilvLdVhdO08dLqQYu/s3fryoe7nk4pO/xhadFSpD9ovcv45NUe55 ToPlPxrjvtyUberNJn3iD+3j2ci/5P18buSslo7GIjp2spX8S/GHcUE3KMqmaU3i MRYSYVKI =FX/g -----END PGP SIGNATURE-----
--------------9k4RDU7fYaCf5dlkp602a5Vo--
--===============5811427551962333732== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============5811427551962333732==--
|
|
|
|