Summary
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
https://cve.mitre.org/cgi-bin/cvename.c ... 2019-20326
Affected versions
The issue affects all versions of Pix prior to version 2.4.5.
Fixed versions
Updates for Pix 2.4.5 were pushed towards all currently supported versions of Linux Mint (18.x, 19.x) and LMDE 3.
References
Pix commits between 2.4.4 and 2.4.5: https://github.com/linuxmint/pix/commits/master
Security Notice: CVE-2019-20326
Re: Security Notice: CVE-2019-20326 (SOLVED)
Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?
Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.
Happy geriatric!
tenfoot
"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds darkness always got there first, and is waiting for it." Terry Pratchett (Reaper Man)
Re: Security Notice: CVE-2019-20326 (SOLVED)
Yep. Same exact scenario here as well.
tenfoot wrote: Tue Jan 07, 2020 3:00 pm
Updates appeared this morning. Tried to install them but get error message "Cannot install security updates". Is anyone else having this problem, please?
Edit: Servers must have been temporarily down. After posting this query, I noticed Update Manager was showing green tick. Did a refresh and was informed the three updates were still required. Chose to install and all went well.
Happy geriatric!
Everything in life was difficult before it became easy.
Re: Security Notice: CVE-2019-20326
After the update to 2.4.5, Pix hangs.
Re: Security Notice: CVE-2019-20326 (SOLVED)
Never read about this problem before. Or have I? <==> [Solution/workaround] Mint 19.2 MintUpdate 5.5.4.2: Could not install security updates! But it has?!
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now.
Lifeline
Re: Security Notice: CVE-2019-20326
Hm. Just launched and watched some slideshows. No problems encountered. Terminating Pix worked as well.
Mint 19.3 64-bit xfce, Pix 2.4.5
Mint 18.1 32-bit xfce, Pix 2.4.5
Last edited by karlchen on Wed Jan 08, 2020 6:10 pm, edited 1 time in total.
Reason: checked Pix 2.4.5 on LM 18.1 xfce as well