Security Notice: CVE-2019-20326

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.Please do not add support questions to threads here,use the appropriate support forum instead
Post Reply
User avatar
clem
Level 12
Level 12
Posts: 4172
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Security Notice: CVE-2019-20326

Post by clem »

Summary

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

https://cve.mitre.org/cgi-bin/cvename.c ... 2019-20326

Affected versions

The issue affects all versions of Pix prior to to version 2.4.5.

Fixed versions

Updates for Pix 2.4.5 were pushed towards all currently supported versions of Linux Mint (18.x, 19.x) and LMDE 3.

References

Pix commits between 2.4.4 and 2.4.5: https://github.com/linuxmint/pix/commits/master
Image

tenfoot
Level 6
Level 6
Posts: 1051
Joined: Sun Jun 03, 2007 4:12 am
Location: Waipapa, Bay of Islands, New Zealand

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by tenfoot »

Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?

Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.

Happy geriatric!
tenfoot
"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds darkness always got there first, and is waiting for it." Terry Pratchett (Reaper Man)

User avatar
all41
Level 16
Level 16
Posts: 6249
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by all41 »

tenfoot wrote:
Tue Jan 07, 2020 3:00 pm
Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?

Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.

Happy geriatric!
Yep. Same exact scenario here as well.
Linux Crux=Aut Viam Inveniam Aut Faciam+libera ab tyrannis

User avatar
JerryF
Level 12
Level 12
Posts: 4496
Joined: Mon Jun 08, 2015 1:23 pm
Location: Rhode Island, USA

Re: Security Notice: CVE-2019-20326

Post by JerryF »

After the update to 2.4.5, Pix hangs.
*** IF your problem has been solved, please edit your ORIGINAL post and add [SOLVED] to the beginning of the Subject Line. It helps other members when browsing posts. ***

User avatar
karlchen
Level 21
Level 21
Posts: 12808
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by karlchen »

tenfoot wrote:
Tue Jan 07, 2020 3:00 pm
Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?
Never read about this problem before. Or have I? <==> [Solution/workaround] Mint 19.2 MintUpdate 5.5.4.2: Could not install security updates! But it has?!
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)

User avatar
karlchen
Level 21
Level 21
Posts: 12808
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Security Notice: CVE-2019-20326

Post by karlchen »

JerryF wrote:
Tue Jan 07, 2020 6:51 pm
After the update to 2.4.5, Pix hangs.
Hm. Just launched and watched some slideshows. No problems encountered. Terminating Pix worked as well.
Mint 19.3 64-bit xfce, Pix 2.4.5
Mint 18.1 32-bit xfce, Pix 2.4.5
Last edited by karlchen on Wed Jan 08, 2020 6:10 pm, edited 1 time in total.
Reason: checked Pix 2.4.5 on LM 18.1 xfce as well
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)

Post Reply

Return to “Releases & Announcements”