
Ubuntu alert USN-7118-1 (zbar)

From:  Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7118-1] ZBar vulnerabilities
Date:  Thu, 21 Nov 2024 11:14:59 -0300
Message-ID:  <20241121141459.mdxvzhlqprkkzowo@morty>

==========================================================================
Ubuntu Security Notice USN-7118-1
November 21, 2024

zbar vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ZBar could expose sensitive data if it opened a specially crafted file

Software Description:
- zbar: QR code / bar code scanner and decoder (Perl bindings)

Details:

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. (CVE-2023-40889)

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2023-40890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libzbar0    0.23.92-4ubuntu0.1~esm1
              Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libzbar0    0.23-1.3ubuntu0.1~esm1
              Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libzbar0    0.10+doc-10.1ubuntu0.1~esm1
              Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libzbar0    0.10+doc-10ubuntu1+esm1
              Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7118-1
  CVE-2023-40889, CVE-2023-40890



