You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa libemail-address-list-perl

Sigurnosni nedostatak programskog paketa libemail-address-list-perl

==========================================================================
Ubuntu Security Notice USN-4517-1
September 17, 2020

libemail-address-list-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Email-Address-List could be made to remotely exhaust resources if it
received specially crafted email data.

Software Description:
– libemail-address-list-perl: RFC close address list parsing

Details:

It was discovered that Email-Address-List does not properly parse email
addresses during email-ingestion. A remote attacker could use this issue
to cause an algorithmic complexity attack, resulting in a denial of
service. (CVE-2018-18898)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libemail-address-list-perl 0.05-1+deb9u1build0.18.04.1

Ubuntu 16.04 LTS:
libemail-address-list-perl 0.05-1+deb9u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4517-1
CVE-2018-18898

Package Information:

https://launchpad.net/ubuntu/+source/libemail-address-list-perl/0.05-1+deb9u1build0.18.04.1

https://launchpad.net/ubuntu/+source/libemail-address-list-perl/0.05-1+deb9u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9knLAACgkQW+PTAFZK
yRibCA//cFfRj8rKkEbeoJUAUbgX7S4iAqF19YFSXGwJRFku87TuJoExAc4TPQ9J
1aZqL8dd+lw81V7fS1QCI6n4Z8N9hvCP9gsNmKZ2GFqNVPLFz4LiE8zm3xCHUgb5
mDyoBW/6HweLYfOBv1J/d202yj65Kc5AU7B3KymmvQh88rTlX3lLbZu04aid8QBL
TkGD4zT62C9iqgmmxeEiw7WSqBbbMDULgXg3mI1GM2ZloYQHybXFAUELhyRjyBLx
3L6OgYF4CfMESGgmwMZYGCbZxDNs3NRrTQo4tnLM3t+HAoF9oJp3eC9+TIZDqeQR
EOKV2lfxaQAmz6/36EJ46KehVvJ50sIU6/k0Uy4ykwyNxZk6GCqhGZkd+NBJN7I2
BtQxVgNlV1lDJZ1UiCoGo5UmyM2BsgA3dbYhHKjEocAEQwlZws84451ZJO9LK4rb
G1M5FZUmyVLbxTpr1pDF/RNuLX+QRkws02UhMqKWNS/vWkxMYo9WRYvwew7arL3B
BNiYWR3M6FOeF25WPomE5gzGoZshMb1ZwzQx6bcBuKib0nDTh1ruWOF7oRdh9WtC
0cZZVD7M6KUl7zKyXBR/VVJIyZQ0vniPXz9VSmDTy9I4kyCAqR8vlMl/FqSzlBO4
TOTOD5MEdc5Ecn3jhPA3SnscGFShN27dBHL/P+i+5iUCw1acBvQ=
=bskM
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa pulseaudio

Otkriven je sigurnosni nedostatak u programskom paketu pulseaudio za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje rušenje servisa. Savjetuje...

Close