Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Ubuntu 18.04 LTS: USN-5671-1 Critical AdvanceCOMP Denial of Service

ubuntu
Calendar Grey October 12, 2022
Dist Ubuntu Esm H88
Recent updates addressed critical vulnerabilities in AdvanceCOMP for Ubuntu 18.04 LTS and 16.04 ESM. Noteworthy observations on memory oversight defects.
Several security issues were fixed in AdvanceCOMP.

Summary

Several security issues were fixed in AdvanceCOMP.

Software Description:

- advancecomp: collection of recompression utilities

Details:

It was discovered that AdvanceCOMP did not properly manage memory of function

be_uint32_read() under certain circumstances. If a user were tricked into

opening a specially crafted binary file, a remote attacker could possibly use

this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

(CVE-2019-8379)

It was discovered that AdvanceCOMP did not properly manage memory of function

adv_png_unfilter_8() under certain circumstances. If a user were tricked into

opening a specially crafted PNG file, a remote attacker could possibly use this

issue to cause AdvanceCOMP to crash, resulting in a denial of service.

(CVE-2019-8383)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  advancecomp                     2.1-1ubuntu0.18.04.2

Ubuntu 16.04 ESM:
  advancecomp                     1.20-1ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5671-1

CVE-2019-8379, CVE-2019-8383

Severity
critical
Lowest
Low
Medium
High
Critical

October 12, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.