Fedora 37: 2023-1fe05ac8d9 Critical: libcue Arbitrary Code Execution
fedora
October 13, 2023
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641
Summary
Libcue is intended for parsing a so-called cue sheet from a char string or
a file pointer. For handling of the parsed data a convenient API is available.
Update Information:
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](- gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue and writing the fix.
Topics Covered
Change Log
* Tue Oct 10 2023 Adam Williamson
References
[ 1 ] Bug #2242943 - 1-Click RCE Exploit in Libcue (CVE-2023-43641)
https://bugzilla.redhat.com/show_bug.cgi?id=2242943
[ 2 ] Bug #2243167 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243167
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1fe05ac8d9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: libcue
Product: Fedora 37
Version: 2.2.1
Release: 13.fc37
Summary: Cue sheet parser library
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!