Headline
Ubuntu Security Notice USN-5838-1
Ubuntu Security Notice 5838-1 - It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-5838-1
February 01, 2023

advancecomp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in AdvanceCOMP.

Software Description:

- advancecomp: collection of recompression utilities

Details:

It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on MNG file. If a user were tricked into opening
a specially crafted MNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019,
CVE-2022-35020)

It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on ZIP file. If a user were tricked into opening
a specially crafted ZIP file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35015, CVE-2022-35016)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  advancecomp 2.3-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  advancecomp 2.1-2.1ubuntu2.1

Ubuntu 20.04 LTS:
  advancecomp 2.1-2.1ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  advancecomp 2.1-1ubuntu0.18.04.3

Ubuntu 16.04 ESM:
  advancecomp 1.20-1ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5838-1
  CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
  CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

Package Information:
  https://launchpad.net/ubuntu/+source/advancecomp/2.3-1ubuntu0.22.10.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-2.1ubuntu2.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-2.1ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-1ubuntu0.18.04.3
Related news
Advancecomp v2.3 contains a segmentation fault.
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
Advancecomp v2.3 was discovered to contain a segmentation fault.
Advancecomp v2.3 was discovered to contain a segmentation fault.
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.
Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.
Advancecomp v2.3 was discovered to contain a heap buffer overflow.