Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Ubuntu 16.04 LTS USN-4695-1 Critical: icoutils Code Execution Threats

ubuntu
Calendar Grey January 18, 2021
Dist Ubuntu Esm H88
Multiple icoutils vulnerabilities patched in Ubuntu 16.04 LTS, mitigating risks of denial of service and executing arbitrary code.
Several security issues were fixed in icoutils.

Summary

Several security issues were fixed in icoutils.

Software Description:

- icoutils: Create and extract MS Windows icons and cursors

Details:

Choongwoo Han discovered that icoutils incorrectly handled certain files.

An attacker could possibly use this issue to cause a denial of service

or execute arbitrary code. (CVE-2017-5208)

It was discovered that icoutils incorrectly handled certain files.

An attacker could possibly use this issue to cause a denial of service

or execute arbitrary code. (CVE-2017-5331, CVE-2017-5332, CVE-2017-5333)

Jerzy Kramarz discovered that icoutils incorrectly handled certain files.

An attacker could possibly use this issue to cause a crash or execute

arbitrary code. (CVE-2017-6009, CVE-2017-6010)

Jerzy Kramarz discovered that icoutils incorrectly handled certain files.

An attacker could possibly use this issue to expose sensitive information.

(CVE-2017-6011)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  icoutils                        0.31.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4695-1

CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333,

CVE-2017-6009, CVE-2017-6010, CVE-2017-6011

Severity
critical
Lowest
Low
Medium
High
Critical

January 18, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.