Ubuntu 16.04 LTS: USN-4545-1 Critical: Libquicktime Denial Of Service

September 25, 2020
Multiple vulnerabilities in libquicktime are addressed in Ubuntu Security Notice USN-4545-1 to mitigate potential denial of service threats.
Summary

Several security issues were fixed in libquicktime.

Software Description:

- libquicktime: Library for reading and writing quicktime files

Details:

It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service
(resource exhaustion). (CVE-2017-9122)

It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause libquicktime to
crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128)

It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service.
(CVE-2017-91...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libquicktime2                   2:1.2.4-7+deb8u1ubuntu0.1
  quicktime-utils                 2:1.2.4-7+deb8u1ubuntu0.1
  quicktime-x11utils              2:1.2.4-7+deb8u1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4545-1

CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128

Severity
critical