Monday, October 21, 2024

[USN-7062-2] libgsf vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmcWb80ACgkQZWnYVadE
vpMZxg//QSlJpXNd8mIjLdS1b58Tiub++HKyaAfAsPpzPJjjJwB54xFNZt0bV5Ef
GIN/+wqaS96VSuCJqPqwUBOKU4wciee5Cp0ZNF6dAtozzIPmlcyQTwLLpvyNKg1x
w7mj9TCbibCA2BdFeJxrnXF8cnm0UPl8+KU5degAGEGai/43pharYtsAof3KtsVB
N0iYJJ4jFvlRg/vZGXwENPZKntpgda/5HrbccmMzStiQSWtwpNoJ63je+AwSwUnv
ySfSrvN9x+FDzkc4InILVhN3z2NUsy9GS6S77tyLgdmnudb3GWKe8nNvm7W9ixy6
zRVrmjCedVdKVGXaAsZgvuvBIq1aS41Wi/H+ETgSojbQCHNv69n9dbizcD0M89Ce
tFeqyXrTEbyW39yEndr2oyL2ttMiK6TeCdq8Y/ll/Yc4UjIWRfRJXCIORPhWvo9K
+t2agr/CWsbvL4cLd2GV295GwpqDF2UvQ+QEEnDsZrlGiX0lhhLLcPhzDdo5yO4J
0oMPlIhiq8Jie0Hc4wcV5NR7oS8rkK/gewz6KJDR043LlTBdtvbzwl15OqvzuKU6
DrD7hfQqKEqTxnz66rblNj4w56Or5cyvfFN8MtCy2UaDN9s4StMCH3Mj66CPwm6/
XKbDD+LlaWox676MQlqIELtN2eRy0wy/bnx2svp5rcdzOXLoI1Q=
=I4vm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7062-2
October 21, 2024

libgsf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

libgsf could be made to run programs as your login if it opened a specially
crafted file.

Software Description:
- libgsf: GObject introspection data for the Structured File Library

Details:

USN-7062-1 fixed vulnerabilities in libgsf. This update provides the
corresponding updates for Ubuntu 24.10.

Original advisory details:

It was discovered that libgsf incorrectly handled certain Compound
Document Binary files. If a user or automated system were tricked into
opening a specially crafted file, a remote attacker could possibly use
this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libgsf-1-114 1.14.52-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7062-2
https://ubuntu.com/security/notices/USN-7062-1
CVE-2024-36474, CVE-2024-42415

Package Information:
https://launchpad.net/ubuntu/+source/libgsf/1.14.52-1ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)