This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8941604116452029725==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93
Content-Type: multipart/mixed; boundary="PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT";
protected-headers="v1"
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: "ubuntu-security-announce@lists.ubuntu.com"
Message-ID: <1d26457e-e6e5-a617-55b8-f9d5221124ee@canonical.com>
Subject: [USN-4957-1] DjVuLibre vulnerabilities
--PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-4957-1
May 17, 2021
djvulibre vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in DjVuLibre.
Software Description:
- djvulibre: DjVu image format library and tools
Details:
It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to hang or crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
libdjvulibre21 3.5.28-1ubuntu0.1
Ubuntu 20.10:
libdjvulibre21 3.5.27.1-15ubuntu0.1
Ubuntu 20.04 LTS:
libdjvulibre21 3.5.27.1-14ubuntu0.1
Ubuntu 18.04 LTS:
libdjvulibre21 3.5.27.1-8ubuntu0.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-4957-1
CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493,
CVE-2021-3500
Package Information:
https://launchpad.net/ubuntu/+source/djvulibre/3.5.28-1ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-15ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-14ubuntu0.1
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-8ubuntu0.3
--PlTaQSbctEwo0PV02NrObAx40xY0ZEnqT--
--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmCis8UACgkQZWnYVadE
vpMxwQ//c7PI4ZIcBZMclGcpFqlgmH875A2kHwGidWjwwRqeFnXlX74zFr/99eNW
/MBolY2b52IOWidlxD2XnuhHXmadO0+ZzxPLC0+dck8IsK0fiNIJkIAWI/lBxpih
jyXAQ9joulqP6X3BjkF4up4Yry5vgEFqfzH5Ek/ZY1J57fiGrSL0xGtsZxCxgaiR
5fnVR5XLKzlv+4RrMRDSyO9a9CC+W5bVAgJ33EHDENK3a6+rl0ewhve8ZerYVzGp
AkYxlcPO+sYM3lO6nf98E4c9TFze24v0pztsWuclPdGB5yj/7STsAhGZSWCXTllK
M0G4LTaIL1ExKg9uaTR+b6jEBORJHnSrG/796RkDLkt4l1R5yj+b7NkCa90F/Qwn
IrdpEpoGnMjJeR6jmGSHATZZdyC0FSlB3zhbexP54a3NEqtOW3KCi9y+Ax9Wf12s
0zOJvejINzloatNix2ot/sUYUu7fCEKZ08+3ow7llf7ZBri10vmVvQAU34zUU4mR
5nHLK62/pHg8CClAItxPJMQLqZKiiK0IREXFRdjDNYYOp91IYRG+dxxZONN4C3sJ
ZMjJXCloZJHJVPcyAevsyKnziA9WCFP+rochh8QWvdFxGwPTPFKX2lXUcbcgM/B0
JBeRitJFNY8EJx50i8kVumtF1vfthc3KwB6PrI/muf9v0ivc3HQ=
=/4Gf
-----END PGP SIGNATURE-----
--r9CHmdGtX0h6tebp1j6ns22LWz5jgnB93--
--===============8941604116452029725==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK
--===============8941604116452029725==--
|