Explore top 10 tips to secure your open-source projects now. Read More
×
pano13 could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libpano13: panorama tools library
Details:
It was discovered that pano13 did not properly validate the prefix provided
for PTcrop's output. An attacker could use this issue to cause pano13 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307)
It was discovered that pano13 did not properly handle certain crafted TIFF
images. An attacker could use this issue to cause pano13 to crash,
resulting in a denial of service. (CVE-2021-33293)
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): libpano13-3 2.9.20~rc3+dfsg-1ubuntu0.1~esm1 libpano13-bin 2.9.20~rc3+dfsg-1ubuntu0.1~esm1 libpano13-dev 2.9.20~rc3+dfsg-1ubuntu0.1~esm1 Ubuntu 20.04 LTS: libpano13-3 2.9.19+dfsg-3ubuntu0.20.04.1 libpano13-bin 2.9.19+dfsg-3ubuntu0.20.04.1 libpano13-dev 2.9.19+dfsg-3ubuntu0.20.04.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libpano13-3 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 libpano13-bin 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 libpano13-dev 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libpano13-3 2.9.19+dfsg-2ubuntu0.1~esm1 libpano13-bin 2.9.19+dfsg-2ubuntu0.1~esm1 libpano13-dev 2.9.19+dfsg-2ubuntu0.1~esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro): libpano13-2 2.9.18+dfsg-6ubuntu2+esm1 libpano13-bin 2.9.18+dfsg-6ubuntu2+esm1 libpano13-dev 2.9.18+dfsg-6ubuntu2+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6163-1
CVE-2021-20307, CVE-2021-33293
Get the latest Linux and open source security news straight to your inbox.