You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa software-properties

Sigurnosni nedostatak programskog paketa software-properties

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-4457-1
August 12, 2020

software-properties vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Software Properties could be made to manipulate the display.

Software Description:
– software-properties: manage the repositories that you install software from

Details:

Jason A. Donenfeld discovered that Software Properties incorrectly filtered
certain escape sequences when displaying PPA descriptions. If a user were
tricked into adding an arbitrary PPA, a remote attacker could possibly
manipulate the screen.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
python3-software-properties 0.98.9.2
software-properties-common 0.98.9.2

Ubuntu 18.04 LTS:
python3-software-properties 0.96.24.32.14
software-properties-common 0.96.24.32.14

Ubuntu 16.04 LTS:
python-software-properties 0.96.20.10
python3-software-properties 0.96.20.10
software-properties-common 0.96.20.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4457-1
CVE-2020-15709

Package Information:
https://launchpad.net/ubuntu/+source/software-properties/0.98.9.2
https://launchpad.net/ubuntu/+source/software-properties/0.96.24.32.14
https://launchpad.net/ubuntu/+source/software-properties/0.96.20.10

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl80AtgACgkQZWnYVadE
vpO2wQ/+NGRvQwgaKLImb+Cfy+ke0I03Hep+K/qSOP/ZXO+mydsq9dndwawIsU0e
6muXDzMvAxTAYDydV11OPE725UtArVLZu+IH8Mv8O5etL3ocyZF+qevmHRQPCJII
DtvO3HBLK77NFGAOSnQ7SUAof9PHax/NfZWV9IgyDexDcmNbk51Bgi8Q62L+7R3A
Wo0TGHjeOH+kQiuURsY8sdEiiT2Qg+bsgh0jcngq2Y2wq3+40YZriOeR6LpC2tRZ
0sg70Ws3jBhqyyTHgoZgPlsKnrKlhU863MU/NUOEW0rOTvmisza/CjQWtkpl7VfY
4EFYCgnCfq9cSlBi5M12AthBhcA5p+cKHRtxQh+xYn8bejLeWg0BofY03g23NFyc
c0MZLg2Uu0nlaaWu6jF/fF52e6DmRlH6x0UGyr48K4opsqipM+i4e8LPWLL99x9c
mil2mmxKtKXIOif5ThzQiwjpP7ZW7tFVtgmzl6nJmyQAOI0l1lmAbwnktsbHlSjP
nvvaj7pRrz3HAGmR+zq40upj/vnsUB63IV+45Jv6PRPEdXIy76YdOGbhOE+l8mmF
fG7vyVmMsD/p+p9xTZ/QwQBBbiKnYFdenOQRH9XEXUw+3ced9FPsgDY6ik9nF/NP
GGyZsmpysJ+FhUBbP/+oOjHfmXcJAYbdJhHWzCZskhAya1MSYyk=
=/Hn2
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close