Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Ubuntu 17.10 USN-3605-1 Critical: Sharutils Code Execution Risk

ubuntu
Calendar Grey March 22, 2018
Scroller Ubuntu
A critical flaw in Sharutils enables the possibility of arbitrary code execution via malicious files in Ubuntu distributions. Immediate updates are recommended.
Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

Summary

Sharutils could be made to execute arbitrary code if it opened a

specially crafted file.

Software Description:

- sharutils: shar, unshar, uuencode, uudecode

Details:

It was discovered that Sharutils incorrectly handled certain files. An

attacker could possibly use this to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  sharutils                       1:4.15.2-2ubuntu0.1

Ubuntu 16.04 LTS:
  sharutils                       1:4.15.2-1ubuntu0.1

Ubuntu 14.04 LTS:
  sharutils                       1:4.14-1ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3605-1

  CVE-2018-1000097

Severity
critical
Lowest
Low
Medium
High
Critical

March 22, 2018

Package Information

  https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/sharutils/1:4.15.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/sharutils/1:4.14-1ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.