Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu: USN-3760-1 Critical: Transfig Code Execution Exploit

ubuntu
Calendar Grey September 6, 2018
Dist Ubuntu Esm H88
A security flaw in Ubuntu's Transfig may permit arbitrary code execution via malicious FIG files. Upgrade to version 1.3.1-2 or later to protect your system
transfig could be made to execute arbitrary code if it received a specially crafted FIG file.

Summary

transfig could be made to execute arbitrary code if it received a

specially crafted FIG file.

Software Description:

- transfig: Utilities for converting XFig figure files

Details:

It was discovered that transfig incorrectly handled certain FIG files.

An attacker could possibly use this to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  transfig                        1:3.2.5.e-5ubuntu0.1

Ubuntu 14.04 LTS:
  transfig                        1:3.2.5.e-1ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3760-1

  CVE-2018-16140

Severity
critical
Lowest
Low
Medium
High
Critical

September 06, 2018

Package Information

  https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-5ubuntu0.1
  https://launchpad.net/ubuntu/+source/transfig/1:3.2.5.e-1ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.