USN-5172-2: uriparser vulnerability
9 December 2021
Several security issues were fixed in uriparser.
Releases
Packages
- uriparser - Strictly RFC 3986 compliant URI parsing library
Details
USN-5172-1 fixed vulnerabilities in uriparser.
This update provides the corresponding updates for Ubuntu 14.04 ESM and
Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that uriparser mishandled certain input. An attacker
could use this vulnerability to cause uriparser to crash or possibly
execute arbitrary code. (CVE-2018-19198, CVE-2018-19199, CVE-2018-19200)
It was discovered that uriparser incorrectly handled certain URIs. An
attacker could use this vulnerability to cause a crash or possibly leak
sensitive information. (CVE-2018-20721)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
liburiparser1
-
0.8.4-1ubuntu0.16.04.1~esm2
Available with Ubuntu Pro
Ubuntu 14.04
-
liburiparser1
-
0.7.5-1ubuntu2+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5172-1: liburiparser1, liburiparser-dev, uriparser, liburiparser-doc