==========================================================================
Ubuntu Security Notice USN-4085-1
August 01, 2019
Sigil vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Sigil could be made to overwrite files.
Software Description:
– sigil: multi-platform ebook editor
Details:
Mike Salvatore discovered that Sigil mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files to
the filesystem.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
sigil 0.9.13+dfsg-1ubuntu0.1
sigil-data 0.9.13+dfsg-1ubuntu0.1
Ubuntu 18.04 LTS:
sigil 0.9.9+dfsg-1ubuntu0.1~esm1
sigil-data 0.9.9+dfsg-1ubuntu0.1~esm1
Ubuntu 16.04 LTS:
sigil 0.9.5+dfsg-0ubuntu1+esm1
sigil-data 0.9.5+dfsg-0ubuntu1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4085-1
CVE-2019-14452
Package Information:
https://launchpad.net/ubuntu/+source/sigil/0.9.13+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sigil/0.9.9+dfsg-1ubuntu0.1~esm1
https://launchpad.net/ubuntu/+source/sigil/0.9.5+dfsg-0ubuntu1+esm1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl1C9VUACgkQdyg1Qz0o
XX0yoRAAvg0iBMx6Ya4SYj9lpEbo3jGtMNHpW0qaATKTDJzvIiXGpngh7VEkNfDB
uWUVfS1u98xaGU5mNbkItCSnXN5l+rXXco456l9Ld4LIFcaoC+L3UPDiIi1ZIgu5
hv5S5dSPFFykHO1tNC6B2lQtDpZoDQGiXiOGPp53vdYTAjIeMtJvsie5IJ1BYvHw
07dRPBSNr1vvYldWaT8inAVL5GSmte028bMIbYFMivLOdhrbtggMqX9dHa1iZrq/
rl8WRCbXG8qWlrgr0rRnUISs8BUQlwQjYxAsxD3Ud2VONAVKl2Jc0yrUbrJFWryH
FAIQdD1mNeoTcMSlfdUtZH2w1HU5Nr1j7P7pPApkBzePFyF81pwYJCTUeSw8JoAB
gIIXjjEq7fDetJTxUm/QyGjVz+PLT0gQJfcK/fVK/V1xC26ctm/Iz0gueNv/ugK+
Z6ZB8MG1209ILExB7cbs72deFNXaCR5jH9cydmtRljUfKMg2KrpMwuhYs4bCB+MA
Smt1uiz2/DUN0nPnKsijKCFyCupMjHDgOE9Z4NbNKEpdHF7dreCoHVPa810l2EWY
H0qC5jg7cogT1U+lI/RO19+asE06E2jK5UgBBD04COmMY/Z6rYQYm8b9E4O+9+ra
PQdwtHyDBAsgEIy7oH2gaYiGNQcS8En9rWDsCusjk4vRjiJmRgk=
=p8Bk
—–END PGP SIGNATURE—–
—