Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu: USN-3760-1 Critical: Transfig Code Execution Exploit

Calendar Sep 06, 2018 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code software package transfig
transfig could be made to execute arbitrary code if it received a specially crafted FIG file. 
=========================================================================Ubuntu Security Notice USN-3760-1
September 06, 2018

transfig vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

transfig could be made to execute arbitrary code if it received a
specially crafted FIG file.

Software Description:
- transfig: Utilities for converting XFig figure files

Details:

It was discovered that transfig incorrectly handled certain FIG files.
An attacker could possibly use this to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  transfig                        1:3.2.5.e-5ubuntu0.1

Ubuntu 14.04 LTS:
  transfig                        1:3.2.5.e-1ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3760-1
  CVE-2018-16140

Package Information:
  https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-5ubuntu0.1
  https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-1ubuntu1.1

Ubuntu: USN-3760-1 Critical: Transfig Code Execution Exploit

ubuntu
Calendar Grey September 6, 2018
Dist Ubuntu Esm H88
A security flaw in Ubuntu's Transfig may permit arbitrary code execution via malicious FIG files. Upgrade to version 1.3.1-2 or later to protect your system
transfig could be made to execute arbitrary code if it received a specially crafted FIG file.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code software package transfig

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS:   transfig                        1:3.2.5.e-5ubuntu0.1 Ubuntu 14.04 LTS:   transfig                        1:3.2.5.e-1ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3760-1

  CVE-2018-16140

Severity
critical
Lowest
Low
Medium
High
Critical

September 06, 2018

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code software package transfig

Package Information

  https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-5ubuntu0.1   https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-1ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here