Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 17.10 USN-3605-1 Critical: Sharutils Code Execution Risk

Calendar Mar 22, 2018 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution package update Ubuntu arbitrary code sharutils
Sharutils could be made to execute arbitrary code if it opened a specially crafted file. 
=========================================================================Ubuntu Security Notice USN-3605-1
March 22, 2018

sharutils vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Sharutils could be made to execute arbitrary code if it opened a
specially crafted file.

Software Description:
- sharutils: shar, unshar, uuencode, uudecode

Details:

It was discovered that Sharutils incorrectly handled certain files. An
attacker could possibly use this to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  sharutils                       1:4.15.2-2ubuntu0.1

Ubuntu 16.04 LTS:
  sharutils                       1:4.15.2-1ubuntu0.1

Ubuntu 14.04 LTS:
  sharutils                       1:4.14-1ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3605-1
  CVE-2018-1000097

Package Information:
  https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/sharutils/1:4.14-1ubuntu1.1

Ubuntu 17.10 USN-3605-1 Critical: Sharutils Code Execution Risk

ubuntu
Calendar Grey March 22, 2018
Dist Ubuntu Esm H88
A critical flaw in Sharutils enables the possibility of arbitrary code execution via malicious files in Ubuntu distributions. Immediate updates are recommended.
Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution package update Ubuntu arbitrary code sharutils

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10:   sharutils                       1:4.15.2-2ubuntu0.1 Ubuntu 16.04 LTS:   sharutils                       1:4.15.2-1ubuntu0.1 Ubuntu 14.04 LTS:   sharutils                       1:4.14-1ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3605-1

  CVE-2018-1000097

Severity
critical
Lowest
Low
Medium
High
Critical

March 22, 2018

Topics%20covered

Topics Covered

security advisory critical code execution package update Ubuntu arbitrary code sharutils

Package Information

  https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-2ubuntu0.1   https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-1ubuntu0.1   https://launchpad.net/ubuntu/+source/sharutils/1:4.14-1ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here