USN-7137-1: recutils vulnerabilities
4 December 2024
recutils could be made to crash or run programs as a login user if a specially crafted file was opened.
Releases
Packages
- recutils - text-based databases called recfiles
Details
It was discovered that recutils incorrectly handled memory when parsing
comments with the recparser utility. An attacker could possibly use this
issue to cause a denial of service or run arbitrary commands.
(CVE-2021-46019, CVE-2021-46021, CVE-2021-46022)
It was discovered that recutils incorrectly handled memory when parsing CSV
files. An attacker could possibly use this issue to cause a denial of
service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638,
CVE-2019-11639, CVE-2019-11640)
It was discovered that recutils incorrectly handled memory when parsing
maliciously crafted recfiles. An attacker could possibly use this issue to
cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457,
CVE-2019-6458, CVE-2019-6459, CVE-2019-6460)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
librec1
-
1.8-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
-
recutils
-
1.8-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04
-
librec1
-
1.8-1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
-
recutils
-
1.8-1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
librec1
-
1.7-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
recutils
-
1.7-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
librec1
-
1.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
recutils
-
1.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.