USN-5784-1: usbredir vulnerability
3 January 2023
usbredir could be made to crash or run programs if it received specially crafted input.
Releases
Packages
- usbredir - usbredir libraries and utilities
Details
It was discovered that usbredir incorrectly handled memory when
serializing large amounts of data in the case of a slow or blocked
destination. An attacker could possibly use this issue to cause
applications using usbredir to crash, resulting in a denial of
service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
usbredirserver
-
0.8.0-1ubuntu0.1
-
libusbredirhost1
-
0.8.0-1ubuntu0.1
-
libusbredirparser1
-
0.8.0-1ubuntu0.1
Ubuntu 18.04
-
usbredirserver
-
0.7.1-1ubuntu0.18.04.1
-
libusbredirhost1
-
0.7.1-1ubuntu0.18.04.1
-
libusbredirparser1
-
0.7.1-1ubuntu0.18.04.1
Ubuntu 16.04
-
usbredirserver
-
0.7.1-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
-
libusbredirhost1
-
0.7.1-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
-
libusbredirparser1
-
0.7.1-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
usbredirserver
-
0.6-2ubuntu1.1+esm1
Available with Ubuntu Pro
-
libusbredirhost1
-
0.6-2ubuntu1.1+esm1
Available with Ubuntu Pro
-
libusbredirparser1
-
0.6-2ubuntu1.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.