You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gettext

Sigurnosni nedostatak programskog paketa gettext

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: INF
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3815-2
November 12, 2018

gettext vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

gettext could be made to execute arbitrary code if it received
a specially crafted message.

Software Description:
– gettext: GNU Internationalization utilities

Details:

USN-3815-1 fixed a vulnerability in gettext. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that gettext incorrectly handled certain messages.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
gettext                         0.18.1.1-5ubuntu3.1

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3815-2
https://usn.ubuntu.com/usn/usn-3815-1
CVE-2018-18751—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb6YAhAAoJEEW851uECx9plfsP+wYkQJvtkzAIiHy2vmdfH1eg
oPfb91SCegtaqyxrALmiTIjv7LYEzv8/vATrGPIgkbETOJvMrBCP6+kVhWTFuwAO
Mbi3tJyvBtPmHeA9RtmDzCAWhnGdhoqid7WiMXNflUbKgX6unJwqD0v99Zl+4owP
VvoBsN8Z9qCVzmZRXFm5/Ffq1trSPLvKqsSVMc7N8MII2eyy+Op6o9XOHPBFJYxt
ucDDK1EmmlE4RrJ1dsMCQ8JJbe754Y9tWQib+hizJgYyLyUzyv/XYyESwuJ1eTIG
aPPVr9PdvPJT5YuTR9Xc6HxiT+mhnWHNMhb9zwDxFW4h30rsUC9F7RA7ZbrjkZZC
ohUDLnz0m7uZrf1iQuyKBLki5uguKyduO/UA4tv8GJM5JptXdLAZKpczWyIFjAGp
fnvHmmanGnEPoipc+3h9FBxWeJy+0lcMGDjUthm4+yP9S6uIGT6J/LOoE6lsvmUK
Jv/44u+2C1a1ffSbpMi1S48iwFpIJBAs57iAvh2rpKzDBGv3cPV1k1OxUFPPQnue
OMrEJBmeZVmemPS/CJfDrRMyruBMCyVORaG/npSOVa+xJI4oj93U1cF49LG+ixzW
Qx31CtgvRPpVHTYIGnWpeftdSHURHUkk4CvSeJGovP2mu7G2xRXrp+dNmGg9p5Si
2G+dr/cQIxpoKImRyjLx
=65du
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-3815-1
November 12, 2018

gettext vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

gettext could be made to execute arbitrary code if it received
a specially crafted message.

Software Description:
– gettext: GNU Internationalization utilities

Details:

It was discovered that gettext incorrectly handled certain messages.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
gettext                         0.19.8.1-8ubuntu0.1

Ubuntu 18.04 LTS:
gettext                         0.19.8.1-6ubuntu0.1

Ubuntu 16.04 LTS:
gettext                         0.19.7-2ubuntu3.1

Ubuntu 14.04 LTS:
gettext                         0.18.3.1-1ubuntu3.1

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3815-1
CVE-2018-18751

Package Information:
https://launchpad.net/ubuntu/+source/gettext/0.19.8.1-8ubuntu0.1
https://launchpad.net/ubuntu/+source/gettext/0.19.8.1-6ubuntu0.1
https://launchpad.net/ubuntu/+source/gettext/0.19.7-2ubuntu3.1
https://launchpad.net/ubuntu/+source/gettext/0.18.3.1-1ubuntu3.1—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb6XdJAAoJEEW851uECx9pwdAP/1qdjMdksKg+WUP7JiiO4Iql
O4s6AkJEJPoT75w0WSRMpOH9WnrWSrp/1c12WhCJUbLyXA0NYG1X06uUD4ZnSAG1
4PVOcupxi9Ts48Mj4g7K+VUxcn1+eG3TOYQ/euR6IKzjoOltSWlpIUht/537mSiR
VVqG8gtpLx9ohDX5LvzlNB0bWSiIwfbSSjrNdhmeA4MgwZnN65qGJlhGYRK2Pyn1
m/sZcf9StBtuudsMxDYmcOlEAcraBiV8pNVtg/8qyxMGCR+FOCIkUdko1aVrCQDc
NLhKrqggud1isOXBAS5QCUNo64/6uj/W8MXBjoAyDnpDHoI2+4TVgdUb6stsnofK
78bAJGmdhHRatYTGgy4rp/s/Xfxwg5imYx5qYYafRhJGWkm3JBL+DCdfvUyEuohO
A/Ly09BIaEGvZkcoxYNtTYHZzkLKyjRkmlhUtUEU3qX5WWLV9W2Rmk3eny72ouNH
zPN2DcnNVy6HjeBNqFK62p/3o6HNQVhO1NtP3eY6viwliS4kHSDTN/PJXQVFfgxi
B86rtWr2cwjbTKOjm7SxZdWxBdlrmrVQhYkaXMqzHnNMsvDDMxpZtSAnSfTJAlrw
SfxecibKWQM5rIICjUhjDFF+j7LoeADHeshSECgOZglfiTLq6HGZTswM7kwElgFb
s2T2C/dFa4NL+M69Spj0
=Bmvq
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2018-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libgit2

Otkriveni su sigurnosni nedostaci programske biblioteke libgit2 za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close