Sicherheit: Mehrere Probleme in icoutils

Lesezeichen hinzufügen

--===============2782161064674897296==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ZPt4rx8FFjLCG7dd"
Content-Disposition: inline

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4695-1
January 18, 2021

icoutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in icoutils.

Software Description:
- icoutils: Create and extract MS Windows icons and cursors

Details:

Choongwoo Han discovered that icoutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2017-5208)

It was discovered that icoutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333)

Jerzy Kramarz discovered that icoutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2017-6009, CVE-2017-6010)

Jerzy Kramarz discovered that icoutils incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2017-6011)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
icoutils 0.31.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4695-1
CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333,
CVE-2017-6009, CVE-2017-6010, CVE-2017-6011

Package Information:
https://launchpad.net/ubuntu/+source/icoutils/0.31.0-3ubuntu0.1

--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmAFlGkACgkQRbznW4QL
H2n4ahAAgNaexmc88iCZeA5vAjdtJNC/cmkfOkvcOZRZSO49lbJoGANmbga6rBSm
nCFt5dQ1u0BSrG2dInaEwyXjsHR5oB3hrERY30sqDLtTldkcEyi3oR6WcRYgeSX+
pzGr9SEwoZ0MYpplEvZPk/qeGBevUbL1Bs7vpb08+cqStu3YZWcPQb43Kfnv9dPg
E2PKNjJp9s4QumzCrv7y012cWinQW78FdJ2jneTw8V3C+aLHkhUwXzi7dzeNyG2Q
WBsJ0MX4RtMcVJ56MSQvl5HZhlm+PybqGAtI94VMkEOjLe7jUmDwjT57xUT0RRmS
6RMBGor/B0Dgv3npJoZcdVn3wdxfFIy+EjVDQfx64Udr0NFS3KDt0OPKdtgUWTmk
SfrDY0uDzChHRPWOxvmD60YugrdJ0ECaxH2vRwfs2iHd9dr0g+XV7rZETqLwBnBs
HL3ehXyZW/OP04v9UpYRJdO8vOm0lU+uRoP9HmUInSsAfB5WWQjdiDGdL8R3gnjC
KU1gzi7Zz7LvVtORh6+DtohzWpMPD+zoMIk5wPt9e5frAqgfOdN9OSMMqJStKQXT
UoKCqpScYHNNzTrLJfYSDDtZRIp2cJcR16u8p1auocPvkkiaqzsA2ytpM4D9T8sl
3vXENiGrfuoUuWfI3Clg0iMbH6KoKi71VqRTcPqS/IUi88BamaU=
=X7PX
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--

--===============2782161064674897296==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce