FERRAMENTAS LINUX: Critical Gnuplot Security Vulnerabilities: Patch Updates & Fixes (CVE-2025)

terça-feira, 24 de junho de 2025

Critical Gnuplot Security Vulnerabilities: Patch Updates & Fixes (CVE-2025)

 

Ubuntu



Ubuntu users alert! Gnuplot faces critical memory-related vulnerabilities (CVE-2018-19490, CVE-2020-25412) risking DoS & arbitrary code execution. Learn patch updates, affected versions (14.04–20.04 LTS), and secure your systems now.


Overview: Gnuplot Security Risks

Gnuplot, the command-line graphing utility widely used in data visualization, scientific research, and engineering, has been found vulnerable to multiple high-severity exploits. These vulnerabilities could allow attackers to trigger:

  • Buffer overflows (leading to system crashes)

  • Arbitrary code execution (remote takeover risk)

  • Memory corruption via strncpy() misuse

Affected Ubuntu Releases:

✅ 14.04 LTS (Trusty)

✅ 16.04 LTS (Xenial)

✅ 18.04 LTS (Bionic)

✅ 20.04 LTS (Focal)

🔴 Severity Rating: High (CVSS: 7.5–8.1)

Vulnerability Breakdown & Exploit Analysis

A. Memory Corruption Flaws (CVE-2018-19490 to CVE-2018-19492)

Discovered by Tim Blazytko, Cornelius Aschermann (Ruhr-University Bochum), and Sergej Schumilo (NVIDIA), these flaws impact:

  • Heap-based buffer overflows in Gnuplot’s file parsing.

  • Use-after-free bugs in print_set_output().

Impact: Attackers could crash systems or inject malicious payloads via crafted plot scripts.

B. strncpy() Out-of-Bounds Write (CVE-2020-25412)

  • Exploitable in Ubuntu 20.04 LTS.

  • Allows arbitrary code execution via malformed input files.

C. Additional CVEs Patched

  • CVE-2020-25559 (Input validation bypass)

  • CVE-2020-25969 (Privilege escalation risk)

Patch Instructions & Secure Updates

Step-by-Step Fix Guide

  1. Run a standard system update:

    bash
    sudo apt update && sudo apt upgrade

  2. Verify installed versions:

    Ubuntu ReleasePackageSecure Version
    20.04 LTS (Focal)gnuplot5.2.8+dfsg1-2ubuntu0.1~esm1
    18.04 LTS (Bionic)gnuplot-x115.2.2+dfsg1-2ubuntu1+esm1
    14.04 LTS (Trusty)gnuplot-nox4.6.4-2ubuntu0.1~esm1

  3. Extended Security Coverage:

    • Ubuntu Pro (free for 5 machines) offers 10-year patches for ESM (Extended Security Maintenance).

Mitigation & Best Practices

  • Restrict Gnuplot script execution to trusted sources.

  • Monitor logs for unusual gnuplot process activity.

  • Upgrade to Ubuntu Pro for long-term support.

FAQs: Gnuplot Security

Q1: Is Gnuplot still safe to use?

✅ Yes, if patched. Unpatched systems are vulnerable to RCE (Remote Code Execution).

Q2: How do I check my Gnuplot version?

bash
gnuplot --version

Q3: Are other Linux distros affected?

⚠️ Debian, CentOS, and Fedora may have similar flaws—check vendor advisories.


Conclusion: Act Now

These critical vulnerabilities highlight the importance of timely updates in open-source tools. Enterprises relying on data visualization should prioritize patching to prevent cyberattacks.

🔗 Further Reading:


Cezar Henrique at
Marcadores: Linux, Android, Segurança ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)