Wednesday, February 14, 2018

[USN-3570-1] AdvanceCOMP vulnerability

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJahF3pAAoJEGVp2FWnRL6TtGMP/0PnwI2z3XogDv6Cv6xfS2fP
zwYkSih7F/efjIUzvke8PpFnoadDdiOWzbgsUvnxi2lVSuMImcL5IgSZrj56+r0k
VAWh2/YVtYmajmSERzftCkRcM4bO75VDhfQN21IcaviyxAzlihRhgrr4XXIIJsYG
83QQ5JS2yH/nZs9XDMBFoUITTeNn+B4rLMKtSxj5hsH7Y0Ehb3Ziw1qy3TpJHl/S
pJA8BncbaZFF1HbJQAVgmjK7BpOuQgJ0QdPFb5Bs4OML7wfxkDg0tfLqZMtWmaAx
xL2+OjpsLc+gW8HIYf3yCk3cemvrUvgIOeUv2RkWdPIkG5hYvCN9mxdnd6hs83to
7//9PrZjUMOmGLrZzXmdBOFl+iInUkdW0DYWKXZh8yzLvYmWK2B8dwA1MLNKJIn0
mW5clpstfE0CZ8Dpg/pTIsdIZbIAmJOIuZU3CdZH4Hav1eRjv7FN/1OnrLvobvSf
ZxezgqgbEDZ2wIz3SyB+fBvgKQdTDdVFGiMgl8HjWwkcbW1Ds22K805nZLHcl1U0
uoN+cmRU8jLHIhqt7dUDjozWDW191PuwnQIbM8fZfMSlnwdMLuZUj4eoW7IFC/xR
ugKNP1vJ80JPq0WbjTO9Jj4rEsPVyT+NlYNmUQM5jrq5xg1ftH0CGg7guFFcuAmW
Dgic72oRjTv+GxaIGheb
=pgTX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3570-1
February 14, 2018

advancecomp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

AdvanceCOMP could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- advancecomp: collection of recompression utilities

Details:

Joonun Jang discovered that AdvanceCOMP incorrectly handled certain
malformed zip files. If a user or automated system were tricked into
processing a specially crafted zip file, a remote attacker could cause
AdvanceCOMP to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
advancecomp 2.0-1ubuntu0.1

Ubuntu 16.04 LTS:
advancecomp 1.20-1ubuntu0.1

Ubuntu 14.04 LTS:
advancecomp 1.18-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3570-1
CVE-2018-1056

Package Information:
https://launchpad.net/ubuntu/+source/advancecomp/2.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/advancecomp/1.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/advancecomp/1.18-1ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)