==========================================================================
Ubuntu Security Notice USN-4523-1
September 21, 2020

libofx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

LibOFX could be made to crash.

Software Description:
– libofx: client-side implementation of Open Financial Exchange
specification

Details:

It was discovered that LibOFX did not properly check for errors in
certain situations, leading to a NULL pointer dereference. A remote
attacker could use this issue to cause a denial of service attack.
(CVE-2019-9656)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libofx-dev 1:0.9.10-1+deb8u2build0.16.04.1
libofx6 1:0.9.10-1+deb8u2build0.16.04.1
ofx 1:0.9.10-1+deb8u2build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4523-1
CVE-2019-9656

Package Information:

https://launchpad.net/ubuntu/+source/libofx/1:0.9.10-1+deb8u2build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9pLNEACgkQW+PTAFZK
yRhqGA/+Mnc6L+fgzVg+OSK6plR9ZyoYNTvGLP33cWaJ4SE8jkZJjo6SBY+wy3Jk
Ur8wSSqkPl1EOkFtwm+My9UJiBl0nVW0kHuuSF3ulp16+VFmmRHTuvb/Mwt3Hhty
9LydzZ7uOBr4RIqS7N95DcqJmXpx/hxQ5JrcgW0rmj8d89KtqbwVwqQAkLv8Da+q
bHo5r+1H68rbjmDyJzzvYDK+4JXZypl163eRTthS3h2VfvoTOw0kbZa9K4yg0XM+
gsJXtpDOT2uW1BsF9xf9fulTJtaRfqHfif/yZxPUwOSR6eXMAtWShzfpZjHC+3VG
l2L/lbPTrExcqtMYjDRnhj1xNAGg7v4ueP0H8kx8foBr6+iY4UaFAc3s51HmbWYg
5zRjQjDA4l94PpOc/qfvzvuO5cEBQ9misNSyKBPvB9WSV50qeGjvLJPboOU9XZ90
xOYgQZa1Edd7CklgJg4FUgYPwmMXr2r6x2776QBph4Jy+BysHgCV2msPGGIeV/Z4
CcFhPvltEB7v6S26jLT1JVtqClK3BpAblSjcRA+sLFPNiXyaeD38ucUpvWrt7KS8
MYUsXZQepirG2TUVImddyUDyN1qTaIcIE+bmh4+NLu+s9fGWLWNQmaWk881WeiX6
L6LN+mBExU3ekucU7QySyxEsQ6PAOGp5PjzI4noOoCZvn9Ji2sk=
=D0RP
—–END PGP SIGNATURE—–
—