USN-7168-1: EditorConfig vulnerabilities

Publication date

18 December 2024

Overview

EditorConfig could be made to crash or run programs as your login if it received specially crafted input.


Packages

Details

It was discovered that EditorConfig improperly managed memory when handling
certain inputs, leading to overflows. An attacker could possibly use these
issues to cause a denial of service, or execute arbitrary code.

It was discovered that EditorConfig improperly managed memory when handling
certain inputs, leading to overflows. An attacker could possibly use these
issues to cause a denial of service, or execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 jammy editorconfig –  0.12.5-2ubuntu0.1~esm2  
libeditorconfig0 –  0.12.5-2ubuntu0.1~esm2  
20.04 focal editorconfig –  0.12.1-1.1+deb11u1build0.20.04.1
libeditorconfig0 –  0.12.1-1.1+deb11u1build0.20.04.1
18.04 bionic editorconfig –  0.12.1-1.1ubuntu0.18.04.1~esm2  
libeditorconfig0 –  0.12.1-1.1ubuntu0.18.04.1~esm2  
16.04 xenial editorconfig –  0.12.0-2ubuntu0.1~esm2  
libeditorconfig0 –  0.12.0-2ubuntu0.1~esm2  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›