USN-5842-1: EditorConfig Core C vulnerability
6 February 2023
EditorConfig Core C could be made to crash or run programs if it received specially crafted input.
Releases
Packages
- editorconfig-core - coding style indenter for all editors
Details
Mark Esler and David Fernandez Gonzalez discovered that
EditorConfig Core C incorrectly handled memory when handling
certain inputs. An attacker could possibly use this issue to cause
applications using EditorConfig Core C to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
-
libeditorconfig0
-
0.12.5-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
editorconfig
-
0.12.5-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04
-
libeditorconfig0
-
0.12.1-1.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
-
editorconfig
-
0.12.1-1.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
libeditorconfig0
-
0.12.1-1.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
-
editorconfig
-
0.12.1-1.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
-
libeditorconfig-dev
-
0.12.1-1.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libeditorconfig0
-
0.12.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
editorconfig
-
0.12.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.