You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa p11 kit

Sigurnosni nedostaci programskog paketa p11 kit

==========================================================================
Ubuntu Security Notice USN-4677-2
January 06, 2021

p11-kit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in p11-kit.

Software Description:
– p11-kit: p11-glue utilities

Details:

USN-4677-1 fixed a vulnerability in p11-kit. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

David Cook discovered that p11-kit incorrectly handled certain memory
operations. An attacker could use this issue to cause p11-kit to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libp11-kit0 0.20.2-2ubuntu2+esm1
p11-kit 0.20.2-2ubuntu2+esm1
p11-kit-modules 0.20.2-2ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4677-2
https://usn.ubuntu.com/4677-1
CVE-2020-29361
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl/11qMACgkQRbznW4QL
H2l+sQ/+NfpqjpNgPlJ95Ai2lXTWIT/3c8mVwdmDoMnnjHlaUrNes/7DJx1tuxvj
uedVOiue0eqdehEIfM8eQxU6t22e/nB8rv07iy1nTMuVa0Iav5yaW8f/sQDu8rm6
L3/ty6PvpnT7BExZZ3U4ZpkoPES3Ia1+DMrRpa5NmP56sGld9vI2dMdNlgBT8W+H
DJG97CutxEx4BcqgV7egkaidgcXtgfOlsCt5U6PwyoCAOE9yyAw9DnF/g/sciGlG
W1GdZytjA2+5IMPDv0vVkWyaPUT/oYYszgzycNilhLDI8JbbiM/Dp0GzH44zeobL
4kIk/FpmaU4w+AFgyuwRMa+O8stFi2m0ibSmRRl+i3YSqcByt8ndxQUiCEMTmnzL
8z+RfU44mCmgyRXXftRgoXCFbFUoDry/7hZbnQpZW8W6y8h5E+b61UpBd9hHP1fD
XOCZZLAM4FF1ciWdyt6wnBBNTZPFSvebRbQyIC/zc0g8pA7kTO/dvz+e1Ysec9g8
eNCUH+s5e4jZd9RzveJi/SGywDEb3nik/C2OaQ6xwi0oWN/hSgWoTZXr03IoKuyT
IxkvbCWApO4b/PwLuQ98HQ7gkfqwrMcUTsNP6NeEBKwMGxLaynvMDJJFva14Qy3R
kxZv+tA+9HqKkeahtR8xgL0ff6jAs5o+cYaMNn/RwfQ7f4S+eZY=
=AWrf
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4677-1
January 05, 2021

p11-kit vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in p11-kit.

Software Description:
– p11-kit: p11-glue utilities

Details:

David Cook discovered that p11-kit incorrectly handled certain memory
operations. An attacker could use this issue to cause p11-kit to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libp11-kit0 0.23.21-2ubuntu0.1
p11-kit 0.23.21-2ubuntu0.1
p11-kit-modules 0.23.21-2ubuntu0.1

Ubuntu 20.04 LTS:
libp11-kit0 0.23.20-1ubuntu0.1
p11-kit 0.23.20-1ubuntu0.1
p11-kit-modules 0.23.20-1ubuntu0.1

Ubuntu 18.04 LTS:
libp11-kit0 0.23.9-2ubuntu0.1
p11-kit 0.23.9-2ubuntu0.1
p11-kit-modules 0.23.9-2ubuntu0.1

Ubuntu 16.04 LTS:
libp11-kit0 0.23.2-5~ubuntu16.04.2
p11-kit 0.23.2-5~ubuntu16.04.2
p11-kit-modules 0.23.2-5~ubuntu16.04.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4677-1
CVE-2020-29361, CVE-2020-29362, CVE-2020-29363

Package Information:
https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1
https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1
https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/0qGAACgkQZWnYVadE
vpN7Fw/+Pg7rCABhRv8skxO6q6Mig1ic+/8+bFD8+wCyeUbWcvE49e0mjL6jOVtx
z+DZGIMK//Kkb5i7f514ibqkh291x7cacSXHZ6N9sCVgczXJgRJPH0JClTUo6qUK
Avr98xbdoNXYfe9iZKNhrW20YZ1wpKUmvzamYLsLCxbUH8rt1cYPEVeNyREX5vHO
vB1p/oLQWpA+6BBgFMWqevL6KxNliY927yu285dg9tiSid9FXq1TUw+7exdB8wsA
PidQT/6Wky/SDR6KSWyqkMlgkTb+InG2UH3JYrohSa6zGVzuXqQ9bi01JHEjDxT2
oczInz+dS1g+xfwGGZ9/0BeMKI0hfHba32qrAFpCSqYyGkuZpdHdzFsdRatXBye6
t0b+1lhdtEGqBGdKCx9j6qlu77CYPH8BIY2FM52eifU+rPtn/dlL4Wdzr85+5/Za
8cbaD9XSrz7jnWj7H5dVNUB3vL8vfsS7Ri6ojRswr77Y5nZPladzgQBH0y6uILgc
+r0HVLNgQ+A44/95pWAywIzFE846SXt7Sv/5p0AGT7bGVQdK0b33cz3W8bvDzHbU
KF/SYIhjceAxZW+oeyfmavlogy8b8zY+8MdhZvyzf1lhC5gU8q1D+0jlIvfF/E8T
zShRoTkxHyUa7WKINHeo0DvkUCf3zrHdw8MdtB1e6i2WDY0JvWs=
=tHyZ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ImageMagick

Otkriven je sigurnosni nedostatak u programskom paketu ImageMagick za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close