Ubuntu Security Notice 6556-1 - It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. Matthias Gerstner discovered that Budgie Extras incorrectly handled certain temporary file paths. A local attacker could use this to inject arbitrary PNG data in this path and have it displayed on the victim's desktop or deny access to the application.
1e445a20e0c3e2f5cd796458dc464196f8b71e35096e6c4f1fb6ced4a09715a1==========================================================================
Ubuntu Security Notice USN-6556-1
December 14, 2023
budgie-extras vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in budgie-extras.
Software Description:
- budgie-extras: Applet to provide an alternative means to launch applications
Details:
It was discovered that Budgie Extras incorrectly handled certain temporary file paths.
An attacker could possibly use this issue to inject false information or deny
access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347)
Matthias Gerstner discovered that Budgie Extras incorrectly handled certain
temporary file paths. A local attacker could use this to inject arbitrary PNG
data in this path and have it displayed on the victim's desktop or deny access
to the application. (CVE-2023-49344)
Matthias Gerstner discovered that Budgie Extras incorrectly handled certain
temporary file paths. A local attacker could use this to inject false information
or deny access to the application. (CVE-2023-49345, CVE-2023-49346)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
budgie-clockworks-applet 1.7.0-3.0ubuntu1
budgie-dropby-applet 1.7.0-3.0ubuntu1
budgie-previews 1.7.0-3.0ubuntu1
budgie-takeabreak-applet 1.7.0-3.0ubuntu1
budgie-weathershow-applet 1.7.0-3.0ubuntu1
Ubuntu 23.04:
budgie-clockworks-applet 1.6.0-1ubuntu0.1
budgie-dropby-applet 1.6.0-1ubuntu0.1
budgie-previews-applet 1.6.0-1ubuntu0.1
budgie-takeabreak-applet 1.6.0-1ubuntu0.1
budgie-weathershow-applet 1.6.0-1ubuntu0.1
Ubuntu 22.04 LTS:
budgie-clockworks-applet 1.4.0-1ubuntu3.1
budgie-dropby-applet 1.4.0-1ubuntu3.1
budgie-previews-applet 1.4.0-1ubuntu3.1
budgie-takeabreak-applet 1.4.0-1ubuntu3.1
budgie-weathershow-applet 1.4.0-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6556-1
CVE-2023-49342, CVE-2023-49343, CVE-2023-49344, CVE-2023-49345,
CVE-2023-49346, CVE-2023-49347
Package Information:
https://launchpad.net/ubuntu/+source/budgie-extras/1.7.0-3.0ubuntu1
https://launchpad.net/ubuntu/+source/budgie-extras/1.6.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/budgie-extras/1.4.0-1ubuntu3.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed