Fixes Day: Canonical Releases Patches to Fix 6 Medium Urgency Vulnerabilities

Fixed vulnerabilities

A few hours ago we published an article on Lockdown, a new security module that will arrive with Linux 5.4. Its job is to restrict what even the root user can do to the running kernel (loading unsigned modules, kexec, direct access to kernel memory), which closes off some of the routes for turning a compromised system into arbitrary code running inside the kernel. Today's batch of fixes from Canonical is a good reminder of why that matters: several of the patched bugs can be used to execute arbitrary code. Note, though, that the affected packages are userspace libraries and tools, so Lockdown will not stop these particular bugs from being exploited; what it does is limit what an attacker who gains root through them can then do to the kernel.

In total, six vulnerabilities have been fixed, grouped into three notices: USN-4142-1, which affects Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04; USN-4142-2, which covers the same issue for Ubuntu 14.04 and Ubuntu 12.04 (both under ESM); and USN-4143-1, which affects the three releases still under standard support. All of them are rated medium priority.

Six vulnerabilities that explain why we care about Lockdown

The vulnerabilities corrected have been the following:

  • CVE-2019-5094: An exploitable code execution vulnerability exists in the quota file functionality of e2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
  • CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB surface in SDL 2.0.5. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
  • CVE-2019-7635, CVE-2019-7636, CVE-2019-7637 and CVE-2019-7638: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has heap-based buffer over-reads in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635), SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636) and Map1toN in video/SDL_pixels.c (CVE-2019-7638), and a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637).
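The CVE-2017-2888 entry above describes the classic shape of an allocation-size integer overflow: the decoder multiplies attacker-controlled dimensions in 32-bit arithmetic, the product wraps to a small number, and the rows it later copies in no longer fit the buffer. The following C program is an added illustration of that pattern and is not SDL's code; the 12-byte `img_hdr` layout, the function names and the 1 GiB cap are all assumptions chosen for the example. It parses a constructed header, shows the naive size computation wrapping to zero, and shows the checked version rejecting the header before anything is allocated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 12-byte image header: width, height and bytes-per-pixel,
 * each a 32-bit little-endian integer. Constructed for this example only;
 * it is NOT a real SDL or BMP header layout. */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

bool parse_hdr(const uint8_t *buf, size_t len, struct img_hdr *h)
{
    if (len < 12)
        return false;
    h->width  = rd_le32(buf);
    h->height = rd_le32(buf + 4);
    h->bpp    = rd_le32(buf + 8);
    return true;
}

/* Vulnerable pattern: pitch and total size are computed in 32-bit
 * arithmetic. Either multiplication can wrap, so the value returned
 * (and passed to malloc) can be far smaller than the number of bytes
 * the decoder will later write into the buffer. */
uint32_t naive_surface_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t pitch = width * bpp;   /* wraps for large width  */
    return pitch * height;          /* wraps for large height */
}

/* Hardened pattern: validate the fields and refuse any multiplication
 * that would overflow before performing it. The cap bounds the allocation
 * regardless of what the file claims (policy value chosen for this example). */
#define MAX_SURFACE_BYTES ((size_t)1 << 30)   /* 1 GiB */

bool checked_surface_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 4)
        return false;
    if (width > UINT32_MAX / bpp)                      /* width * bpp would wrap */
        return false;
    uint32_t pitch = width * bpp;
    if ((size_t)pitch > MAX_SURFACE_BYTES / height)    /* pitch * height over cap */
        return false;
    *out = (size_t)pitch * (size_t)height;
    return true;
}

/* What the decoder would actually write for this header, computed in
 * 64-bit arithmetic. Comparing it with naive_surface_size() shows the
 * shortfall an attacker-controlled header produces. */
uint64_t bytes_decoder_writes(const struct img_hdr *h)
{
    return (uint64_t)h->width * h->bpp * h->height;
}

int main(void)
{
    /* Constructed malicious header: 65536 x 65536 pixels, 4 bytes each.
     * The true size is 2^34 bytes; in uint32_t arithmetic it wraps to 0. */
    const uint8_t evil[12] = {
        0x00, 0x00, 0x01, 0x00,   /* width  = 0x00010000 */
        0x00, 0x00, 0x01, 0x00,   /* height = 0x00010000 */
        0x04, 0x00, 0x00, 0x00,   /* bpp    = 4          */
    };
    struct img_hdr h;
    size_t safe;

    if (!parse_hdr(evil, sizeof evil, &h))
        return 1;

    uint32_t alloc = naive_surface_size(h.width, h.height, h.bpp);
    printf("naive allocation: %u bytes, decoder would write %llu bytes\n",
           alloc, (unsigned long long)bytes_decoder_writes(&h));
    /* malloc(alloc) followed by the per-row copies is the heap overflow. */

    if (!checked_surface_size(h.width, h.height, h.bpp, &safe))
        puts("checked allocation: header rejected before allocating");
    return 0;
}
```

The checked version does the division tests before each multiplication rather than testing the product afterwards, because once an unsigned product has wrapped there is no reliable way to tell from the result alone. Compilers that provide `__builtin_mul_overflow` let you express the same checks more compactly.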

The first of the above, CVE-2019-5094, also affects Ubuntu 19.10 Eoan Ermine, so a patch will be released soon for the release due out on October 17. After installing the updates, applications that already have the old SDL library loaded keep using it until they are restarted; a reboot is the simplest way to be sure everything picks up the fix. And although these are not critical flaws, Lockdown, we are still waiting for you.

