Ubuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.
e3839ee571468680b81112957309e74a8af6ee0fa66b2e646caf9672ba1cf90f
==========================================================================
Ubuntu Security Notice USN-5356-1
March 30, 2022
dosbox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in DOSBox.
Software Description:
- dosbox: An Open Source DOS emulator to run old DOS games.
Details:
Alexandre Bartel discovered that DOSBox incorrectly handled
long lines in certain files. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2019-7165)
Alexandre Bartel discovered that DOSBox incorrectly performed
access control over certain directories. An attacker could
possibly use this issue to execute arbitrary code.
(CVE-2019-12594)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
dosbox 0.74-4.3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5356-1
CVE-2019-12594, CVE-2019-7165
Package Information:
https://launchpad.net/ubuntu/+source/dosbox/0.74-4.3ubuntu0.1