Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorydenial of serviceUbuntuUbuntu 22.04 LTS: USN-7137-1 critical: recutils denial of service
recutils could be made to crash or run programs as a login user if a specially crafted file was opened.. ========================================================================== Ubuntu Security Notice USN-7137-1 December 04, 2024 recutils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: recutils could be made to crash or run programs as a login user if a specially crafted file was opened. Software Description: - recutils: text-based databases called recfiles Details: It was discovered that recutils incorrectly handled memory when parsing comments with the recparser utility. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2021-46019, CVE-2021-46021, CVE-2021-46022) It was discovered that recutils incorrectly handled memory when parsing CSV files. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638, CVE-2019-11639, CVE-2019-11640) It was discovered that recutils incorrectly handled memory when parsing maliciously crafted recfiles. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457, CVE-2019-6458, CVE-2019-6459, CVE-2019-6460) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS librec1 1.8-1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro recutils 1.8-1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS librec1 1.8-1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro recutils 1.8-1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS librec1 1.7-2ubuntu0.1~esm1 Available with Ubuntu Pro recutils 1.7-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS librec1 1.7-1ubuntu0.1~esm1 Available with Ubuntu Pro recutils 1.7-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7137-1 CVE-2019-11637, CVE-2019-11638, CVE-2019-11639, CVE-2019-11640, CVE-2019-6455, CVE-2019-6456, CVE-2019-6457, CVE-2019-6458, CVE-2019-6459, CVE-2019-6460, CVE-2021-46019, CVE-2021-46021, CVE-2021-46022 . A critical security advisory highlights vulnerabilities in Ubuntu's Recutils package that may lead to crashes or unauthorized program execution. Users should update promptly to mitigate risks.. recutils security advisory, Ubuntu 22.04 LTS, denial of service issue, program execution vulnerability. . Severity: Critical. LinuxSecurity.com Team
Dec 04, 2024
•Critical
Ubuntu
89
security advisoryFedoraDoSFedora 36: 2022-17787e290f Critical Update for Recutils DoS Issues
- New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %%gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec- mode.el from a separate source. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-17787e290f 2022-05-07 04:08:14.317946 --------------------------------------------------------------------------------Name : recutils Product : Fedora 36 Version : 1.9 Release : 1.fc36 URL : Summary : A set of tools to access GNU recfile databases Description : Recutils is a set of tools and libraries to access human-editable, text-based databases called recfiles. The data is stored as a sequence of records, each record containing an arbitrary number of named fields. --------------------------------------------------------------------------------Update Information: - New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %%gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec-mode.el from a separate source --------------------------------------------------------------------------------ChangeLog: * Mon Apr 25 2022 Daiki Ueno - 1.9-1 - New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec-mode.el from a separate source * Fri Jan 21 2022 Fedora Release Engineering - 1.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2046941 - recutils: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2046941 [ 2 ] Bug #2047805 - CVE-2021-46021 recutils: use-after-free in rec_record_destroy() at rec-record.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047805 [ 3 ] Bug #2047807 - CVE-2021-46022 recutils:use-after-free in rec_mset_elem_destroy() at rec-mset.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047807 [ 4 ] Bug #2047809 - CVE-2021-46019 recutils: untrusted pointer dereference in rec_db_destroy() at rec-db.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047809 [ 5 ] Bug #2075962 - recutils-1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2075962 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-17787e290f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 07, 2022
•Critical
Fedora
89
security advisoryupdateFedoraFedora 35: 2022-4e6bd7ca62 Moderate: Recutils DoS Bug Fix
- New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %%gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec- mode.el from a separate source. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-4e6bd7ca62 2022-05-04 13:51:09.193546 --------------------------------------------------------------------------------Name : recutils Product : Fedora 35 Version : 1.9 Release : 1.fc35 URL : Summary : A set of tools to access GNU recfile databases Description : Recutils is a set of tools and libraries to access human-editable, text-based databases called recfiles. The data is stored as a sequence of records, each record containing an arbitrary number of named fields. --------------------------------------------------------------------------------Update Information: - New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %%gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec-mode.el from a separate source --------------------------------------------------------------------------------ChangeLog: * Mon Apr 25 2022 Daiki Ueno - 1.9-1 - New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use %gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec-mode.el from a separate source --------------------------------------------------------------------------------References: [ 1 ] Bug #2046941 - recutils: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2046941 [ 2 ] Bug #2047805 - CVE-2021-46021 recutils: use-after-free in rec_record_destroy() at rec-record.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047805 [ 3 ] Bug #2047807 - CVE-2021-46022 recutils: use-after-free in rec_mset_elem_destroy() at rec-mset.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047807 [ 4 ] Bug #2047809 - CVE-2021-46019 recutils: untrusted pointer dereference in rec_db_destroy() at rec-db.c may lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2047809 [ 5 ] Bug #2075962 - recutils-1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2075962 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-4e6bd7ca62' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 04, 2022
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!