USN-5961-1: abcm2ps vulnerabilities

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• abcm2ps - Translates ABC music description files to PostScript

Details

It was discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
(CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069)

Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service.
(CVE-2021-32434, CVE-2021-32435, CVE-2021-32436)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• abcm2ps - 8.14.11-0.1ubuntu0.1~esm1
  Available with Ubuntu Pro

Ubuntu 20.04

• abcm2ps - 8.14.6-0.1ubuntu0.1~esm1
  Available with Ubuntu Pro

Ubuntu 18.04

• abcm2ps - 7.8.9-1+deb9u1build0.18.04.1

Ubuntu 16.04

• abcm2ps - 7.8.9-1ubuntu0.16.04.1~esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2021-32435
• CVE-2018-10771
• CVE-2019-1010069
• CVE-2021-32434
• CVE-2021-32436
• CVE-2018-10753