You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa advancecomp

Sigurnosni nedostatak programskog paketa advancecomp

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3570-1
February 14, 2018

advancecomp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

AdvanceCOMP could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
– advancecomp: collection of recompression utilities

Details:

Joonun Jang discovered that AdvanceCOMP incorrectly handled certain
malformed zip files. If a user or automated system were tricked into
processing a specially crafted zip file, a remote attacker could cause
AdvanceCOMP to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
advancecomp 2.0-1ubuntu0.1

Ubuntu 16.04 LTS:
advancecomp 1.20-1ubuntu0.1

Ubuntu 14.04 LTS:
advancecomp 1.18-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3570-1
CVE-2018-1056

Package Information:
https://launchpad.net/ubuntu/+source/advancecomp/2.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/advancecomp/1.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/advancecomp/1.18-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJahF3pAAoJEGVp2FWnRL6TtGMP/0PnwI2z3XogDv6Cv6xfS2fP
zwYkSih7F/efjIUzvke8PpFnoadDdiOWzbgsUvnxi2lVSuMImcL5IgSZrj56+r0k
VAWh2/YVtYmajmSERzftCkRcM4bO75VDhfQN21IcaviyxAzlihRhgrr4XXIIJsYG
83QQ5JS2yH/nZs9XDMBFoUITTeNn+B4rLMKtSxj5hsH7Y0Ehb3Ziw1qy3TpJHl/S
pJA8BncbaZFF1HbJQAVgmjK7BpOuQgJ0QdPFb5Bs4OML7wfxkDg0tfLqZMtWmaAx
xL2+OjpsLc+gW8HIYf3yCk3cemvrUvgIOeUv2RkWdPIkG5hYvCN9mxdnd6hs83to
7//9PrZjUMOmGLrZzXmdBOFl+iInUkdW0DYWKXZh8yzLvYmWK2B8dwA1MLNKJIn0
mW5clpstfE0CZ8Dpg/pTIsdIZbIAmJOIuZU3CdZH4Hav1eRjv7FN/1OnrLvobvSf
ZxezgqgbEDZ2wIz3SyB+fBvgKQdTDdVFGiMgl8HjWwkcbW1Ds22K805nZLHcl1U0
uoN+cmRU8jLHIhqt7dUDjozWDW191PuwnQIbM8fZfMSlnwdMLuZUj4eoW7IFC/xR
ugKNP1vJ80JPq0WbjTO9Jj4rEsPVyT+NlYNmUQM5jrq5xg1ftH0CGg7guFFcuAmW
Dgic72oRjTv+GxaIGheb
=pgTX
—–END PGP SIGNATURE—–

AutorVlatka Misic
Cert idNCERT-REF-2018-02-0113-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Apache Commons Email

Otkriveni su sigurnosni nedostaci u programskom paketu Apache Commons Email za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju neovlašten...

Close