Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 634
Alerts This Week
Warning Icon 1 634

Fedora 38: FEDORA-2023-eec9ce5935 Critical: Libcue RCE Fix

fedora
Calendar Grey October 12, 2023
Dist Fedora Esm H88
Important patch for Fedora 38 tackles potential code execution vulnerabilities in libcue. Discover more about the resolution today!
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641

Summary

Libcue is intended for parsing a so-called cue sheet from a char string or

a file pointer. For handling of the parsed data a convenient API is available.

Update Information:

This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](- gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue and writing the fix.

Change Log

* Tue Oct 10 2023 Adam Williamson - 2.2.1-13 - Fix CVE-2023-43641 (Kevin Backhouse) * Thu Jul 20 2023 Fedora Release Engineering - 2.2.1-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2242943 - 1-Click RCE Exploit in Libcue (CVE-2023-43641) https://bugzilla.redhat.com/show_bug.cgi?id=2242943 [ 2 ] Bug #2243167 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2243167

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-eec9ce5935' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libcue
Product: Fedora 38
Version: 2.2.1
Release: 13.fc38
Summary: Cue sheet parser library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.