Ubuntu Security Notice 5961-1 - It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service.
b2dd20769972bbb693dff57a5249e0e6efe673b60728f67b614a4ce8f92ba882
==========================================================================
Ubuntu Security Notice USN-5961-1
March 16, 2023
abcm2ps vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in abcm2ps.
Software Description:
- abcm2ps: Translates ABC music description files to PostScript
Details:
It was discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
(CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069)
Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service.
(CVE-2021-32434, CVE-2021-32435, CVE-2021-32436)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
abcm2ps 8.14.11-0.1ubuntu0.1~esm1
Ubuntu 20.04 LTS:
abcm2ps 8.14.6-0.1ubuntu0.1~esm1
Ubuntu 18.04 LTS:
abcm2ps 7.8.9-1+deb9u1build0.18.04.1
Ubuntu 16.04 ESM:
abcm2ps 7.8.9-1ubuntu0.16.04.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5961-1
CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069, CVE-2021-32434,
CVE-2021-32435, CVE-2021-32436
Package Information:
https://launchpad.net/ubuntu/+source/abcm2ps/7.8.9-1+deb9u1build0.18.04.1