You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa wayland

Sigurnosni nedostaci programskog paketa wayland

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3622-1
April 09, 2018

wayland vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Wayland could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
– wayland: Wayland compositor infrastructure

Details:

It was discovered that the Wayland Xcursor support incorrectly handled
certain files. An attacker could use these issues to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libwayland-cursor0 1.14.0-1ubuntu0.1

Ubuntu 16.04 LTS:
libwayland-bin 1.12.0-1~ubuntu16.04.3
libwayland-client0 1.12.0-1~ubuntu16.04.3
libwayland-cursor0 1.12.0-1~ubuntu16.04.3
libwayland-dev 1.12.0-1~ubuntu16.04.3
libwayland-doc 1.12.0-1~ubuntu16.04.3
libwayland-server0 1.12.0-1~ubuntu16.04.3

Ubuntu 14.04 LTS:
libwayland-cursor0 1.4.0-1ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3622-1
CVE-2017-16612

Package Information:
https://launchpad.net/ubuntu/+source/wayland/1.14.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/wayland/1.12.0-1~ubuntu16.04.3
https://launchpad.net/ubuntu/+source/wayland/1.4.0-1ubuntu1.1

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJay6n7AAoJEGVp2FWnRL6TLXgQAK9V83ZPRUri6pgo9QK3Li3L
oUfzQl9hcn9AmzAWzpMdKG1hBtyio1Z1NB0NeW1sri1f/GDDUf215/8fO617BkpO
mh+uvD5hoCx4PPrmtLVUKaAl1eFLhSvwv+IRKYnId/3nhZFOLo6npy+dLQJluVjO
mLt7A8w8S7IkPDszIrIcTU8Hk3VW1u9/LwRsUSpJFWihRIN7kJLbuEu1YMfI01rj
cxOX26n+xivMgK4g1NJIR/lmvjSWb2YAUilhrlSc681Y+5koXr/JCmO0or03iHLO
K0z0c0Z+9I1d1cwSeBVrJR8yxzDbf8QZjHZAC2ocX19K9lb8VbH1ze34YXLqY3I4
MNPwlxeLbsyHBiSd/krixCupvkPnRh+jmNahpgKLENP1CWHr+5jbfNYKJPnNXi2E
fw/pwCIFAnxwiUQBY/I0Hv/OivLN2XIsdF5msEW0wA96XjRnVRL6LXdsKANgqqEQ
lp7uOXU2JmZwd2M5vFN3jxMWhargZMR/QN63hFHVJXD4Lc9GjTsfuwVPUXa1urZ4
UpJKSpc7qslq5RGC11ere93hye8WpMuU7ZcdSOl8AP+ipEneak5kpSDThVJTWFxv
C58Uh0++LhWsKulAruQJeMT1SAjOlpE9FZgTagXF69T0BB8myjabRd0LviOWGvwR
ViVYII6MzUCgaJqlf1/g
=Boaz
—–END PGP SIGNATURE—–

AutorPetar Bertok
Cert idNCERT-REF-2018-04-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Zend Framework

Otkriveni su sigurnosni nedostaci u programskom paketu Zend Framework za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izvršavanje...

Close