Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu: 5842-2 High: OpenSSL Security Vulnerability in TLS Handshake

ubuntu
Calendar Grey February 6, 2023
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-5843-1 tackles a critical vulnerability in the C library of EditorConfig Core that impacts several versions of Ubuntu.
EditorConfig Core C could be made to crash or run programs if it received specially crafted input.

Summary

EditorConfig Core C could be made to crash or run programs if it received

specially crafted input.

Software Description:

- editorconfig-core: coding style indenter for all editors

Details:

Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C

incorrectly handled memory when handling certain inputs. An attacker could

possibly use this issue to cause applications using EditorConfig Core C

to crash, resulting in a denial of service, or possibly execute

arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   editorconfig                    0.12.5-2.1ubuntu0.1
   libeditorconfig0                0.12.5-2.1ubuntu0.1

Ubuntu 22.04 LTS:
   editorconfig                    0.12.5-2ubuntu0.1~esm1
   libeditorconfig0                0.12.5-2ubuntu0.1~esm1

Ubuntu 20.04 LTS:
   editorconfig                    0.12.1-1.1ubuntu0.20.04.1~esm1
   libeditorconfig0                0.12.1-1.1ubuntu0.20.04.1~esm1

Ubuntu 18.04 LTS:
   editorconfig                    0.12.1-1.1ubuntu0.18.04.1~esm1
   libeditorconfig-dev             0.12.1-1.1ubuntu0.18.04.1~esm1
   libeditorconfig0                0.12.1-1.1ubuntu0.18.04.1~esm1

Ubuntu 16.04 ESM:
   editorconfig                    0.12.0-2ubuntu0.1~esm1
   libeditorconfig0                0.12.0-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5842-1

  CVE-2023-0341

February 06, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here