Several security issues were fixed in abcm2ps.

==========================================================================
Ubuntu Security Notice USN-5961-1
March 16, 2023

abcm2ps vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in abcm2ps.

Software Description:
- abcm2ps: Translates ABC music description files to PostScript

Details:

It was discovered that abcm2ps incorrectly handled memory when parsing
specially crafted ABC files. An attacker could use this issue to cause
abcm2ps to crash, leading to a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04
LTS. (CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069)

Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly handled memory
when parsing specially crafted ABC files. An attacker could use this issue to
cause abcm2ps to crash, leading to a denial of service. (CVE-2021-32434,
CVE-2021-32435, CVE-2021-32436)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  abcm2ps    8.14.11-0.1ubuntu0.1~esm1

Ubuntu 20.04 LTS:
  abcm2ps    8.14.6-0.1ubuntu0.1~esm1

Ubuntu 18.04 LTS:
  abcm2ps    7.8.9-1+deb9u1build0.18.04.1

Ubuntu 16.04 ESM:
  abcm2ps    7.8.9-1ubuntu0.16.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5961-1
  CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069, CVE-2021-32434,
  CVE-2021-32435, CVE-2021-32436

Package Information:
  https://launchpad.net/ubuntu/+source/abcm2ps/7.8.9-1+deb9u1build0.18.04.1

Several memory-handling vulnerabilities in abcm2ps, all reachable through a crafted ABC input file, were addressed in this notice for four Ubuntu releases.
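The package-version table above is only useful if a host's installed version is compared the way dpkg compares versions: epoch first, then upstream version, then Debian revision, with a tilde sorting before the end of a string, so that 0.1ubuntu0.1~esm1 is older than 0.1ubuntu0.1 but newer than 0.1. The following is an added example, not part of USN-5961-1 or of abcm2ps: a Python implementation of that ordering applied to the fixed versions quoted in the notice. The fixed-version table is copied from the notice; the inventory of hostnames and installed versions is constructed sample data.

```python
"""Check installed abcm2ps versions against the fixed versions in USN-5961-1.

Added example, not part of the advisory. It reimplements dpkg's version
ordering (epoch, upstream version, Debian revision; '~' sorts before the
end of a string, letters before other non-digits) so the result matches
what apt would conclude. SAMPLE_INVENTORY below is made-up data.
"""

# Fixed versions quoted from USN-5961-1, keyed by Ubuntu release.
FIXED_VERSIONS = {
    "22.04": "8.14.11-0.1ubuntu0.1~esm1",
    "20.04": "8.14.6-0.1ubuntu0.1~esm1",
    "18.04": "7.8.9-1+deb9u1build0.18.04.1",
    "16.04": "7.8.9-1ubuntu0.16.04.1~esm1",
}


def _order(c: str) -> int:
    """Character weight used by dpkg: '~' < end-of-string < letters < others."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0  # end of string


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments the way dpkg's verrevcmp() does."""
    while a or b:
        first_diff = 0
        # Non-digit runs are compared character by character with _order().
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac = _order(a[0]) if a else 0
            bc = _order(b[0]) if b else 0
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit runs are compared numerically; leading zeros are dropped.
        a, b = a.lstrip("0"), b.lstrip("0")
        while a and b and a[0].isdigit() and b[0].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1   # a has more digits, so it is the larger number
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _parse(version: str):
    """Split 'epoch:upstream-revision' into its three parts (dpkg rules)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def dpkg_compare(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 as v1 is older than, equal to, or newer than v2."""
    e1, u1, r1 = _parse(v1)
    e2, u2, r2 = _parse(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def is_fixed(release: str, installed: str) -> bool:
    """True if the installed abcm2ps is at or above the USN-5961-1 fix."""
    return dpkg_compare(installed, FIXED_VERSIONS[release]) >= 0


# Constructed inventory: (hostname, Ubuntu release, installed abcm2ps version).
SAMPLE_INVENTORY = [
    ("build-01", "22.04", "8.14.11-0.1"),                # stock package, unpatched
    ("build-02", "22.04", "8.14.11-0.1ubuntu0.1~esm1"),  # exactly the fixed build
    ("legacy-01", "18.04", "7.8.9-1"),                   # unpatched
    ("legacy-02", "18.04", "7.8.9-1+deb9u1build0.18.04.1"),
    ("old-01", "16.04", "7.8.9-1"),                      # unpatched, fix is an ESM build
]


def audit(inventory=SAMPLE_INVENTORY) -> dict:
    """Map each hostname to whether its abcm2ps package carries the fix."""
    return {host: is_fixed(rel, ver) for host, rel, ver in inventory}


if __name__ == "__main__":
    for host, ok in audit().items():
        print(f"{host}: {'fixed' if ok else 'VULNERABLE'}")
```

On a real host the installed version comes from `dpkg-query -W -f='${Version}' abcm2ps` and the release from `lsb_release -rs`. Note the `~esm1` suffix on the 16.04, 20.04 and 22.04 packages: that is the suffix Ubuntu uses for Expanded Security Maintenance builds, so confirm the host is entitled to and has enabled ESM before assuming a standard update will pick them up.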
LinuxSecurity.com Team
Multiple vulnerabilities have been discovered in abcm2ps, a program which translates ABC music description files to PostScript. (CVE-2018-10753)

From: Anton Gladky
An update that fixes three vulnerabilities is now available.

   openSUSE Security Update: Security update for abcm2ps
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0100-1
Rating:             moderate
References:         #1197355
Cross-References:   CVE-2021-32434 CVE-2021-32435 CVE-2021-32436
CVSS scores:
                    CVE-2021-32434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-32435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-32436 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for abcm2ps fixes the following issues:

Update to 8.14.13:
* fix: don't start/stop slurs above/below decorations
* fix: crash when too many notes in a grace note sequence (#102)
* fix: crash when too big value in M: (#103)
* fix: loop or crash when too big width of y (space) (#104)
* fix: bad font definition with SVG output when spaces in font name
* fix: bad check of note length again (#106)
* fix: handle %%staffscale at the global level (#108)
* fix: bad vertical offset of lyrics when music line starts with empty staves

Update to 8.14.12:
Fixes:
* crash when "%%break 1" and no measure bar in the tune
* crash when duplicated voice ending on %%staves with repeat variant
* crash when voice duplication with symbols without width
* crash or bad output when null value in %%scale
* problem when only bars in 2 voices followed %%staves of the second voice only
* crash when tuplet error in grace note sequence
* crash when grace note with empty tuplet
* crash when many broken rhythms after a single grace note
* access outside the deco array when error in U:
* crash when !xstem! with no note in the previous voice
* crash on tuplet without any note/rest
* crash when grace notes at end of line and voice overlay
* crash when !trem2! at start of a grace note sequence
* crash when wrong duration in 2 voice overlays and bad ties
* crash when accidental without a note at start of line after K: (CVE-2021-32435)
* array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436)
* loss of left margin after first page since previous commit
* no respect of %%leftmargin with -E or -g
* bad placement of chord symbols when in a music line with only invisible rests
Syntax:
* Accept and remove one or two '%'s at start of all %%beginxxx lines
Generation:
* Move the CSS from XHTML to SVG

Update to 8.14.11:
* fix: error "'staffwidth' too small" when generating sample3.abc

Update to 8.14.10:
* fix: bad glyph when defined by SVG containing 'v' in
* fix: bad check of note length since commit 191fa55
* fix: memory corruption when error in %%staves/%%score
* fix: crash when too big note duration
* fix: crash when staff width too small

Update to 8.14.9:
* fix: bad natural accidental when %%MIDI temperamentequal

Update to 8.14.8:
* fix: no respect the width in %%staffbreak
* fix: don't draw a staff when only %%staffbreak inside
* fix: bad repeat bracket when continued on next line, line starting by a bar
* fix: bad tuplet bracket again when at end of a voice overlay sequence
* fix: bad tuplet bracket when at end of a voice overlay sequence
* handle '%%MIDI temperamentequal '
* accept '^1' and '_1' as microtone accidentals

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:
  zypper in -t patch openSUSE-2022-100=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
  abcm2ps-8.14.13-bp153.2.3.1

References:

https://www.suse.com/security/cve/CVE-2021-32434.html
https://www.suse.com/security/cve/CVE-2021-32435.html
https://www.suse.com/security/cve/CVE-2021-32436.html
https://bugzilla.suse.com/1197355

New update released for openSUSE addressing three issues in the abcm2ps package, rated moderate severity.

LinuxSecurity.com Team
New upstream bug fix release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-93025de981
2022-03-26 14:56:28.658198
--------------------------------------------------------------------------------

Name        : abcm2ps
Product     : Fedora 36
Version     : 8.14.13
Release     : 1.fc36
URL         : http://moinejf.free.fr
Summary     : A program to typeset ABC tunes into Postscript
Description :
Abcm2ps is a package which converts music tunes from ABC format to
Postscript. Based on abc2ps version 1.2.5, it was developed mainly to
print Baroque organ scores which have independent voices played on one
or many keyboards and a pedal-board. Abcm2ps introduces many extensions
to the ABC language that make it suitable for classical music.

--------------------------------------------------------------------------------
Update Information:

New upstream bug fix release.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2022 Stuart Gathman - 8.14.13-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982465 - abcm2ps-8.14.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1982465
  [ 2 ] Bug #2063270 - CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 abcm2ps: multiple security vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2063270
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-93025de981' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. (CVE-2021-32434) Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)

MGASA-2022-0116 - Updated abcm2ps packages fix security vulnerability

Publication date: 24 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0116.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32434, CVE-2021-32435, CVE-2021-32436

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the
function calculate_beam at draw.c. (CVE-2021-32434)

Stack-based buffer overflow in the function get_key in parse.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32435)

An out-of-bounds read in the function write_title() in subs.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32436)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30195
- https://lists.fedoraproject.org/archives/list/
New upstream bug fix release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-68d22975a4
2022-03-22 03:40:08.822314
--------------------------------------------------------------------------------

Name        : abcm2ps
Product     : Fedora 35
Version     : 8.14.13
Release     : 1.fc35
URL         : http://moinejf.free.fr
Summary     : A program to typeset ABC tunes into Postscript
Description :
Abcm2ps is a package which converts music tunes from ABC format to
Postscript. Based on abc2ps version 1.2.5, it was developed mainly to
print Baroque organ scores which have independent voices played on one
or many keyboards and a pedal-board. Abcm2ps introduces many extensions
to the ABC language that make it suitable for classical music.

--------------------------------------------------------------------------------
Update Information:

New upstream bug fix release.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2022 Stuart Gathman - 8.14.13-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982465 - abcm2ps-8.14.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1982465
  [ 2 ] Bug #2063270 - CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 abcm2ps: multiple security vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2063270
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-68d22975a4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
New upstream bug fix release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-6b46927596
2022-03-22 03:17:38.843253
--------------------------------------------------------------------------------

Name        : abcm2ps
Product     : Fedora 34
Version     : 8.14.13
Release     : 1.fc34
URL         : http://moinejf.free.fr
Summary     : A program to typeset ABC tunes into Postscript
Description :
Abcm2ps is a package which converts music tunes from ABC format to
Postscript. Based on abc2ps version 1.2.5, it was developed mainly to
print Baroque organ scores which have independent voices played on one
or many keyboards and a pedal-board. Abcm2ps introduces many extensions
to the ABC language that make it suitable for classical music.

--------------------------------------------------------------------------------
Update Information:

New upstream bug fix release.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2022 Stuart Gathman - 8.14.13-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982465 - abcm2ps-8.14.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1982465
  [ 2 ] Bug #2063270 - CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 abcm2ps: multiple security vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2063270
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-6b46927596' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
New upstream release with fixes for CVEs and other enhancements.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-eb7a965fcf
2020-05-21 03:07:56.683407
--------------------------------------------------------------------------------

Name        : abcm2ps
Product     : Fedora 30
Version     : 8.14.7
Release     : 2.fc30
URL         : http://moinejf.free.fr
Summary     : A program to typeset ABC tunes into Postscript
Description :
Abcm2ps is a package which converts music tunes from ABC format to
Postscript. Based on abc2ps version 1.2.5, it was developed mainly to
print Baroque organ scores which have independent voices played on one
or many keyboards and a pedal-board. Abcm2ps introduces many extensions
to the ABC language that make it suitable for classical music.

--------------------------------------------------------------------------------
Update Information:

New upstream release with fixes for CVEs and other enhancements.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 12 2020 Stuart Gathman - 8.14.7-2
- Move sample ABC output to subpackage
* Tue May 12 2020 Stuart Gathman - 8.14.7-1
- New upstream release
* Wed Apr 29 2020 Filipe Rosset - 7.8.14-11
- Fix FTBFS
* Tue Jan 28 2020 Fedora Release Engineering - 7.8.14-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering - 7.8.14-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1063718 - abcm2ps-8.14.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1063718
  [ 2 ] Bug #1576118 - CVE-2018-10753 abcm2ps: stack based buffer overflow in the delayed_output function in music.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1576118
  [ 3 ] Bug #1576641 - CVE-2018-10771 abcm2ps: Stack-based buffer overflow in parse.c:get_key() allows for denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1576641
  [ 4 ] Bug #1799137 - abcm2ps: FTBFS in Fedora rawhide/f32
        https://bugzilla.redhat.com/show_bug.cgi?id=1799137
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-eb7a965fcf' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list