You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa Sigil

Sigurnosni nedostatak programskog paketa Sigil

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4085-1
August 01, 2019

Sigil vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Sigil could be made to overwrite files.

Software Description:
– sigil: multi-platform ebook editor

Details:

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files to
the filesystem.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
sigil 0.9.13+dfsg-1ubuntu0.1
sigil-data 0.9.13+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS:
sigil 0.9.9+dfsg-1ubuntu0.1~esm1
sigil-data 0.9.9+dfsg-1ubuntu0.1~esm1

Ubuntu 16.04 LTS:
sigil 0.9.5+dfsg-0ubuntu1+esm1
sigil-data 0.9.5+dfsg-0ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4085-1
CVE-2019-14452

Package Information:
https://launchpad.net/ubuntu/+source/sigil/0.9.13+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sigil/0.9.9+dfsg-1ubuntu0.1~esm1
https://launchpad.net/ubuntu/+source/sigil/0.9.5+dfsg-0ubuntu1+esm1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl1C9VUACgkQdyg1Qz0o
XX0yoRAAvg0iBMx6Ya4SYj9lpEbo3jGtMNHpW0qaATKTDJzvIiXGpngh7VEkNfDB
uWUVfS1u98xaGU5mNbkItCSnXN5l+rXXco456l9Ld4LIFcaoC+L3UPDiIi1ZIgu5
hv5S5dSPFFykHO1tNC6B2lQtDpZoDQGiXiOGPp53vdYTAjIeMtJvsie5IJ1BYvHw
07dRPBSNr1vvYldWaT8inAVL5GSmte028bMIbYFMivLOdhrbtggMqX9dHa1iZrq/
rl8WRCbXG8qWlrgr0rRnUISs8BUQlwQjYxAsxD3Ud2VONAVKl2Jc0yrUbrJFWryH
FAIQdD1mNeoTcMSlfdUtZH2w1HU5Nr1j7P7pPApkBzePFyF81pwYJCTUeSw8JoAB
gIIXjjEq7fDetJTxUm/QyGjVz+PLT0gQJfcK/fVK/V1xC26ctm/Iz0gueNv/ugK+
Z6ZB8MG1209ILExB7cbs72deFNXaCR5jH9cydmtRljUfKMg2KrpMwuhYs4bCB+MA
Smt1uiz2/DUN0nPnKsijKCFyCupMjHDgOE9Z4NbNKEpdHF7dreCoHVPa810l2EWY
H0qC5jg7cogT1U+lI/RO19+asE06E2jK5UgBBD04COmMY/Z6rYQYm8b9E4O+9+ra
PQdwtHyDBAsgEIy7oH2gaYiGNQcS8En9rWDsCusjk4vRjiJmRgk=
=p8Bk
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa python-django

Otkriveni su sigurnosni nedostaci u programskom paketu python-django za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close