You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa xdg-utils

Sigurnosni nedostatak programskog paketa xdg-utils

by Vlatka Mišić - 0

==========================================================================
Ubuntu Security Notice USN-4649-1
November 26, 2020

xdg-utils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

xdg-utils could be made to expose sensitive information.

Software Description:
– xdg-utils: desktop integration utilities from freedesktop.org

Details:

Jens Mueller discovered that xdg-utils incorrectly handled certain URI.
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
xdg-utils 1.1.3-2ubuntu1.20.10.1

Ubuntu 20.04 LTS:
xdg-utils 1.1.3-2ubuntu1.20.04.1

Ubuntu 18.04 LTS:
xdg-utils 1.1.2-1ubuntu2.4

Ubuntu 16.04 LTS:
xdg-utils 1.1.1-1ubuntu1.16.04.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4649-1
CVE-2020-27748

Package Information:
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.10.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.04.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.2-1ubuntu2.4
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.1-1ubuntu1.16.04.4
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl+/zPoACgkQRbznW4QL
H2mw6Q//fHAfOiKNfsDilytAy9hLSGhgnNYEfm7YiAz7bPZTU/+mcxrWABJnLZqn
0PJWvO/lvjrVjGKD0GavSdwmrJflqNWub7TwYglF3jZLp9t3/Dn6k+cJsMCTBjfa
O5ls8e8I4MIyJw0MGdw3vXgVfu6Qcpaptpo7kf7Rt26h7PROBEqiIK/a1BSZpiLB
6rLMCDtIqYmddBdNyFegGtYuXn0cNmptXQ2SeIPm2gpbcuKy8XgEij9XHg3VMasX
LEwAtstmIuhTR6VcBGRchQBg1VVmaKZMJk5kI0C/VXRh8enKgVhSDaySz8wgZhrR
fml/V7iAXb6r3eBWlOvnODNgExpOUNINt1TtsY0dT8ZH/P0yr9PAOx242p95vHgr
jqNgDX3YnOI7QHOJFdOMkmk+G+hYJ15oxsrhcUdlFrkNgSS7EAJ9Au4GzlXApmMX
u5aP1OvUEmdui2j043G13eyYDjrRO6qTD3ybeiE64x5rL30HGeUG6xCHjO3Q/01s
ZTR9NUzApywXRHyFGcXUIbjqtUBAQMW1dqXFfnff2rnDKTRsfg8tT9dd0b4YwfW1
hyjPPPA2i5hI9PrYi69JzoW1yVr+pkaasty7RqGwWEtGqDe+8IfqAspaa7CS7t/N
Ck2uhZZcYBfwfMgpuLLK9hGG5OjcoIbdvBX9CwLurS5Vz2dBkIA=
=q7bu
—–END PGP SIGNATURE—–

Vlatka Mišić
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa c ares

Otkriven je sigurnosni nedostatak u programskom paketu c ares za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS...

Close