USN-5988-1: Xcftools vulnerabilities
29 March 2023
Xcftools could be made to crash or run programs as an administrator if it opened a specially crafted file.
Releases
Packages
- xcftools - command-line tools for extracting data for XCF files
Details
It was discovered that integer overflow vulnerabilities existed in Xcftools.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
- xcftools - 1.0.7-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.