Security Notice: CVE-2019-20326

Post by clem »

Summary

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

https://cve.mitre.org/cgi-bin/cvename.c ... 2019-20326

Affected versions

The issue affects all versions of Pix prior to version 2.4.5.

Fixed versions

Updates for Pix 2.4.5 were pushed towards all currently supported versions of Linux Mint (18.x, 19.x) and LMDE 3.

References

Pix commits between 2.4.4 and 2.4.5: https://github.com/linuxmint/pix/commits/master

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by tenfoot »

Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?

Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.

Happy geriatric!
tenfoot
"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds darkness always got there first, and is waiting for it." Terry Pratchett (Reaper Man)

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by all41 »

tenfoot wrote: Tue Jan 07, 2020 3:00 pm Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?

Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.

Happy geriatric!
Yep. Same exact scenario here as well.
Everything in life was difficult before it became easy.

Re: Security Notice: CVE-2019-20326

Post by JerryF »

After the update to 2.4.5, Pix hangs.

Re: Security Notice: CVE-2019-20326 (SOLVED)

Post by karlchen »

tenfoot wrote: Tue Jan 07, 2020 3:00 pm Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?
Never read about this problem before. Or have I? <==> [Solution/workaround] Mint 19.2 MintUpdate 5.5.4.2: Could not install security updates! But it has?!
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 762 days now.

Re: Security Notice: CVE-2019-20326

Post by karlchen »

JerryF wrote: Tue Jan 07, 2020 6:51 pm After the update to 2.4.5, Pix hangs.
Hm. Just launched and watched some slideshows. No problems encountered. Terminating Pix worked as well.
Mint 19.3 64-bit xfce, Pix 2.4.5
Mint 18.1 32-bit xfce, Pix 2.4.5
Last edited by karlchen on Wed Jan 08, 2020 6:10 pm, edited 1 time in total.
Reason: checked Pix 2.4.5 on LM 18.1 xfce as well