Ubuntu 5842-1: EditorConfig Core C vulnerability | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
==========================================================================
Ubuntu Security Notice USN-5842-1
February 06, 2023

editorconfig-core vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

EditorConfig Core C could be made to crash or run programs if it received
specially crafted input.

Software Description:
- editorconfig-core: coding style indenter for all editors

Details:

Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C
incorrectly handled memory when handling certain inputs. An attacker could
possibly use this issue to cause applications using EditorConfig Core C
to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   editorconfig                    0.12.5-2.1ubuntu0.1
   libeditorconfig0                0.12.5-2.1ubuntu0.1

Ubuntu 22.04 LTS:
   editorconfig                    0.12.5-2ubuntu0.1~esm1
   libeditorconfig0                0.12.5-2ubuntu0.1~esm1

Ubuntu 20.04 LTS:
   editorconfig                    0.12.1-1.1ubuntu0.20.04.1~esm1
   libeditorconfig0                0.12.1-1.1ubuntu0.20.04.1~esm1

Ubuntu 18.04 LTS:
   editorconfig                    0.12.1-1.1ubuntu0.18.04.1~esm1
   libeditorconfig-dev             0.12.1-1.1ubuntu0.18.04.1~esm1
   libeditorconfig0                0.12.1-1.1ubuntu0.18.04.1~esm1

Ubuntu 16.04 ESM:
   editorconfig                    0.12.0-2ubuntu0.1~esm1
   libeditorconfig0                0.12.0-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5842-1
   CVE-2023-0341

Package Information:
https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.5-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.5-2ubuntu0.1~esm1
https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.1-1.1ubuntu0.20.04.1~esm1
https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.1-1.1ubuntu0.18.04.1~esm1

Ubuntu 5842-1: EditorConfig Core C vulnerability

February 6, 2023
EditorConfig Core C could be made to crash or run programs if it received specially crafted input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: EditorConfig Core C could be made to crash or run programs if it received specially crafted input. Software Description: - editorconfig-core: coding style indenter for all editors Details: Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10:   editorconfig                    0.12.5-2.1ubuntu0.1   libeditorconfig0                0.12.5-2.1ubuntu0.1 Ubuntu 22.04 LTS:   editorconfig                    0.12.5-2ubuntu0.1~esm1   libeditorconfig0                0.12.5-2ubuntu0.1~esm1 Ubuntu 20.04 LTS:   editorconfig                    0.12.1-1.1ubuntu0.20.04.1~esm1   libeditorconfig0                0.12.1-1.1ubuntu0.20.04.1~esm1 Ubuntu 18.04 LTS:   editorconfig                    0.12.1-1.1ubuntu0.18.04.1~esm1   libeditorconfig-dev             0.12.1-1.1ubuntu0.18.04.1~esm1   libeditorconfig0                0.12.1-1.1ubuntu0.18.04.1~esm1 Ubuntu 16.04 ESM:   editorconfig                    0.12.0-2ubuntu0.1~esm1   libeditorconfig0                0.12.0-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5842-1

  CVE-2023-0341

Severity
Ubuntu Security Notice USN-5842-1

Package Information

https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.5-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.5-2ubuntu0.1~esm1 https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.1-1.1ubuntu0.20.04.1~esm1 https://launchpad.net/ubuntu/+source/editorconfig-core/0.12.1-1.1ubuntu0.18.04.1~esm1

Related News

10 Essential Linux Tools for Network and Security Pros

Delving into Container Security

Debian and Ubuntu Users Get Kernel Security Updates to Fix Recent Wi-Fi Stack Flaws

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy