Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in jbig2dec
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in jbig2dec
ID: USN-5405-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 ESM
Datum: Fr, 6. Mai 2022, 06:07
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216
Applikationen: jbig2dec

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5811427551962333732==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------9k4RDU7fYaCf5dlkp602a5Vo"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------9k4RDU7fYaCf5dlkp602a5Vo
Content-Type: multipart/mixed;
 boundary="------------A0g0MjMzlHPP0vwsrynB2Fbt";
 protected-headers="v1"
From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <cc992b71-b56f-dbfe-8890-9a16cbe4813c@canonical.com>
Subject: [USN-5405-1] jbig2dec vulnerabilities

--------------A0g0MjMzlHPP0vwsrynB2Fbt
Content-Type: multipart/mixed;
 boundary="------------ltsz90HhlgwwELyIp3yrF1tl"

--------------ltsz90HhlgwwELyIp3yrF1tl
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5405-1
May 05, 2022

jbig2dec vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in jbig2dec.

Software Description:
- jbig2dec: JBIG2 decoder library

Details:

It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to 
crash, leading to a denial of service. (CVE-2017-9216)

It was discovered that jbig2dec incorrectly handled memory when 
processing untrusted input. An attacker could use this issue to cause a 
denial of service, or possibly execute arbitrary code. (CVE-2020-12268)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   jbig2dec                          0.12+20150918-1ubuntu0.1+esm2
   libjbig2dec0                    0.12+20150918-1ubuntu0.1+esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5405-1
   CVE-2017-9216, CVE-2020-12268
--------------ltsz90HhlgwwELyIp3yrF1tl
Content-Type: application/pgp-keys;
 name="OpenPGP_0x6B5F8F2FE775FC48.asc"
Content-Disposition: attachment;
 filename="OpenPGP_0x6B5F8F2FE775FC48.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGFaURQBDADEy91TinXYUHMtIiD17R9GWDIHaLx1X7AJVMkDJTqEbpHHvzt+
Xc7woGRyT3WwD3GO7zgZAXY5uyjpyD3JIdHhEem5Qo0HObcXGWmJrkT7tZuxyswn
6D/DxWFXT02FuA0OtUeTw5s/bhrjZksDy1fo/fCatyXYHb6xiRNRkCDMUNr4Ft+G
rNxbFuZ23bl/ilk2j39r/VHOzgLY4HaVseuvZNcglMdb6Uv7+eujskrJiJ/qytIN
Iv6w5ErG0EzYTYFAUQJPHsINTfw+F/8h2mR1DWTbr2YSyEF3IaEkD+VwyeLNq+nQ
8D9QXltIwurykshNlgbRxHeqK03F2IbWe0SpgTmgJg2McfM4Q08t4WQL3vFsYgVx
NjUwjQ7My7aq3lwx75HNFHwFCIrHrlpagXl95ofYV+PAOUHfyt09PwR/QWe/jx/J
jbl+HzRUELtIZQddo3+nJzcQwjSIHvRIS9/PyP2T8+ca+jpQw5N1NPdXVi+95vuu
UqTlv4z53hRzgPMAEQEAAc0tSWFuIENvbnN0YW50aW4gPGlhbi5jb25zdGFudGlu
QGNhbm9uaWNhbC5jb20+wsEUBBMBCgA+FiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgF
AmFoOakCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQa1+PL+d1
/Eh6kQv/QEirzB3/yYGAOebonEueqtiI85bOfbPakjWE3kEUIpK62bpE1JjS6tld
qc9ms+S/WrGNmHHofn+Ielz7NSl1fhXjjT+2EFzy8k10H9NZKa3MOJvxpkPB12u+
4F/be9e1NWK4O3jCzX/BrrLh4gqCX8QTYqe+1rRIxWe2wWRRx8v5afdpmsn/BSgF
fVSJkrbXzJSdiBaLEDcVDJUC9r2u9RLIz8oSlOWw9Cl8Zvo67ZB0pFRjyJfRYNPO
FBaez6vCA/wSmtTUI4RK+ulsNY7SitNDsRe4FgebBvVNIOg7b3G5sYMwpbm0gqTu
1lLKJFJrPf8AwPuNV4b1n9or0+j/7YeSiB3L4JCTFu5Assu5WIAWduQ3eUKGqWQT
f2R52O6hbLCVkYISWnq5kStYEF0BpRHZGAhPceA3GEw70rq+CNVeIQEBkGY7ICLO
vgmwrxr+J7VXVamQoT07yqkhH2kNw+1pngArk5tU4Jamw61nFKS8a6nL/UJrx7Cq
YJ0bopQhzsDNBGFaURQBDACrKH35R6CbP9L3yg85xGZmsh2ZwpBCZo7YZLL6YzBk
rFcyaNv5TJsvd3pDF4JvgrNEt5oL45dpiqkrzPjSxfk7MV5ZLQbnBeMFeyNY9hi5
HhLGciTZ2gv8KgTk3uX3vwrwn+HQs993zxSFJZIppbEPGpXkA8GXg7ZLWAKrO2MB
lTLnBydQ+c9MetN3VtWXY60qlWKtpp5o821Rh75mqZRZbxSDU4QTCXdl26EY8/Yo
9Hn2u9nFDvB94EZQ62lHu8uah32y90lDdCqbrJx8F70ZJmhqRyLTtMEJfol349Zs
zwOkK/jyDrOBsgY8I410DTj0jhqBRS+nF8t8+UkYzpzT8D+sIWgiD3fwvb6Z5X4W
70zn/clnOInGxay6cwf6RA2Bvl7I7m43SoLCL8wsmB1/FLiW+ByL6A4FzHcMw+Nb
2hxbHJCc5fdJblFdkuAV47CUCs9iH8QLcFK9bDJi45V86EYzJzFkQsAHWpq0KqSH
AOUVk33VTVOk7kVoyTlF5n8AEQEAAcLA/AQYAQoAJhYhBHMXb+IAghPFvZ67eWtf
jy/ndfxIBQJhWlEUAhsMBQkDwmcAAAoJEGtfjy/ndfxIePEMAMIyupD/2A+HHB1W
KpgDq3w0pmJCfzxtGAB6V6CvZ/Ppy5v6FTY99fIV36rRD3gbdD75qEKaEHZI2phx
ESmZ3zYbMQDKKBj94UTrpufpDTn3QKIqBNz5ZawrZs9XVs8ilpIj5Weearle52Us
6KUxL7dDXe3ZU48788o4gnQ1fb6UKLCTCAf2o+eOlX+v9PD5dZKN2epfa7UF/+ZL
SGrxqj5VpXoembsO34DhjMpVTj7io1PIIv2lBJs73+lPFnudGNWuFp5EFddc7Ns9
Fjlr41CPwKF7HrHiML1+Fg8fc52UXoXbfC7ov1NAY19rJtmfyIsThRHpLfdJCoGU
j+rQi/h/Pra9+R+SOebgpcb3IUUOzL/qQk4LYd6t4HZmMuNALI8nryrS/BPopLRB
2ll2rztAUVvIkBi27+tDVhodsxwn+Qd6krMTsDt/9joHtTYE/sU6JRX2LKIB9Xxw
c3BVMz+rWGZ4nShuCigqLjVEkckop9peeUR2Z+vdPh2TFOgHCA=3D=3D
=3DCoJZ
-----END PGP PUBLIC KEY BLOCK-----

--------------ltsz90HhlgwwELyIp3yrF1tl--

--------------A0g0MjMzlHPP0vwsrynB2Fbt--

--------------9k4RDU7fYaCf5dlkp602a5Vo
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmJ0W1YACgkQa1+PL+d1
/EhKwQv9He1freG1qSovaRTD9cEsRM+33EDY0UEsPyVdNgXvqWGN8Z4ujGsGCNs4
QpANusYsM+s44kGrAaLS0o0X4YTOpNFEcB3PBsm3r2y2xVGnxP4cJ8YO8mlpmtT9
HCf+4l1CurOPK3Hq6hO80KTzWWykg0G6k7t8MzYHRjnl1xgvMc6bUmrlT8ZuHghF
Aobl3F24bHHWuoBYpgS8+sRJClFx4s3/zcIIMiMH2MEHNZOJh2DrOxrtfJcyAjHm
0urHUhCH99+Kr82J3sDRKONV7KjaPxmGKg7lAO2T40veWDbvPmKog+nhBrgn42nR
RMNeihKxD+pOY/Hsf86MlEPoqyr8aahS/CHopOdnlH0NPNsfEOvDNd5JVsCQmIOV
CiARH5Iz9NuTilvLdVhdO08dLqQYu/s3fryoe7nk4pO/xhadFSpD9ovcv45NUe55
ToPlPxrjvtyUberNJn3iD+3j2ci/5P18buSslo7GIjp2spX8S/GHcUE3KMqmaU3i
MRYSYVKI
=FX/g
-----END PGP SIGNATURE-----

--------------9k4RDU7fYaCf5dlkp602a5Vo--


--===============5811427551962333732==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============5811427551962333732==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung