==========================================================================
Ubuntu Security Notice USN-4649-1
November 26, 2020
xdg-utils vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
xdg-utils could be made to expose sensitive information.
Software Description:
– xdg-utils: desktop integration utilities from freedesktop.org
Details:
Jens Mueller discovered that xdg-utils incorrectly handled certain URI.
An attacker could possibly use this issue to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
xdg-utils 1.1.3-2ubuntu1.20.10.1
Ubuntu 20.04 LTS:
xdg-utils 1.1.3-2ubuntu1.20.04.1
Ubuntu 18.04 LTS:
xdg-utils 1.1.2-1ubuntu2.4
Ubuntu 16.04 LTS:
xdg-utils 1.1.1-1ubuntu1.16.04.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4649-1
CVE-2020-27748
Package Information:
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.10.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.04.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.2-1ubuntu2.4
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.1-1ubuntu1.16.04.4
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl+/zPoACgkQRbznW4QL
H2mw6Q//fHAfOiKNfsDilytAy9hLSGhgnNYEfm7YiAz7bPZTU/+mcxrWABJnLZqn
0PJWvO/lvjrVjGKD0GavSdwmrJflqNWub7TwYglF3jZLp9t3/Dn6k+cJsMCTBjfa
O5ls8e8I4MIyJw0MGdw3vXgVfu6Qcpaptpo7kf7Rt26h7PROBEqiIK/a1BSZpiLB
6rLMCDtIqYmddBdNyFegGtYuXn0cNmptXQ2SeIPm2gpbcuKy8XgEij9XHg3VMasX
LEwAtstmIuhTR6VcBGRchQBg1VVmaKZMJk5kI0C/VXRh8enKgVhSDaySz8wgZhrR
fml/V7iAXb6r3eBWlOvnODNgExpOUNINt1TtsY0dT8ZH/P0yr9PAOx242p95vHgr
jqNgDX3YnOI7QHOJFdOMkmk+G+hYJ15oxsrhcUdlFrkNgSS7EAJ9Au4GzlXApmMX
u5aP1OvUEmdui2j043G13eyYDjrRO6qTD3ybeiE64x5rL30HGeUG6xCHjO3Q/01s
ZTR9NUzApywXRHyFGcXUIbjqtUBAQMW1dqXFfnff2rnDKTRsfg8tT9dd0b4YwfW1
hyjPPPA2i5hI9PrYi69JzoW1yVr+pkaasty7RqGwWEtGqDe+8IfqAspaa7CS7t/N
Ck2uhZZcYBfwfMgpuLLK9hGG5OjcoIbdvBX9CwLurS5Vz2dBkIA=
=q7bu
—–END PGP SIGNATURE—–
—