Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5672-1

Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.

Packet Storm
#vulnerability#ubuntu#dos#perl

==========================================================================
Ubuntu Security Notice USN-5672-1
October 12, 2022

GMP vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM

Summary:

GMP could be made to crash if it received specially crafted
input.

Software Description:

  • gmp: Multiprecision arithmetic library developers tools

Details:

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libgmp-dev 2:6.2.0+dfsg-4ubuntu0.1
libgmp10 2:6.2.0+dfsg-4ubuntu0.1
libgmpxx4ldbl 2:6.2.0+dfsg-4ubuntu0.1

Ubuntu 18.04 LTS:
libgmp-dev 2:6.1.2+dfsg-2ubuntu0.1
libgmp10 2:6.1.2+dfsg-2ubuntu0.1
libgmpxx4ldbl 2:6.1.2+dfsg-2ubuntu0.1

Ubuntu 16.04 ESM:
libgmp-dev 2:6.1.0+dfsg-2ubuntu0.1~esm1
libgmp10 2:6.1.0+dfsg-2ubuntu0.1~esm1
libgmpxx4ldbl 2:6.1.0+dfsg-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5672-1
CVE-2021-43618

Package Information:
https://launchpad.net/ubuntu/+source/gmp/2:6.2.0+dfsg-4ubuntu0.1
https://launchpad.net/ubuntu/+source/gmp/2:6.1.2+dfsg-2ubuntu0.1

Related news

Red Hat Security Advisory 2024-1412-03

Red Hat Security Advisory 2024-1412-03 - An update for gmp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Gentoo Linux Security Advisory 202309-13

Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

CVE-2021-43618: Segmentation fault with mpz_inp_raw on gcc45

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution