Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Ubuntu 20.04 LTS: USN-5864-1 Critical Fig2dev Denial Of Service

ubuntu
Calendar Grey February 13, 2023
Dist Ubuntu Esm H88
A range of security flaws has been addressed in Libjpeg-turbo impacting various Debian versions, enhancing overall system protection.
Several security issues were fixed in Fig2dev.

Summary

Several security issues were fixed in Fig2dev.

Software Description:

- fig2dev: Utilities for converting XFig figure files

Details:

Frederic Cambus discovered that Fig2dev incorrectly handled certain image

files. If a user or an automated system were tricked into opening a certain

specially crafted input file, a remote attacker could possibly use this

issue

to cause a denial of service. This issue only affected Ubuntu 18.04 LTS.

(CVE-2019-14275)

It was discovered that Fig2dev incorrectly handled certain image files. If

a user or an automated system were tricked into opening a certain specially

crafted input file, a remote attacker could possibly use this issue to cause

a denial of service. (CVE-2019-19555, CVE-2019-19797, CVE-2020-21529,

CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533,

CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676,

CVE-2021-3561)

It was discovered that Fig2dev incorrectly handled certain image files. If

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   fig2dev                         1:3.2.7a-7ubuntu0.1

Ubuntu 18.04 LTS:
   fig2dev                         1:3.2.6a-6ubuntu1.1
   transfig                        1:3.2.6a-6ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5864-1

  CVE-2019-14275, CVE-2019-19555, CVE-2019-19797, CVE-2020-21529,

  CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533,

  CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676,

  CVE-2021-32280, CVE-2021-3561

Severity
critical
Lowest
Low
Medium
High
Critical

February 13, 2023

Package Information

  https://launchpad.net/ubuntu/+source/fig2dev/1:3.2.7a-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/fig2dev/1:3.2.6a-6ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.