Security: File overwrite in npm-fstream
Name: File overwrite in npm-fstream
ID: USN-4123-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS, Ubuntu 19.04
Date: Thu, 5 September 2019, 18:03
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13173
Applications: npm-fstream

Original message

From: Mike Salvatore <mike.salvatore@canonical.com>
Reply-To: security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <4103fc55-24ba-23fa-f52b-f2d031bc0ec6@canonical.com>
Subject: [USN-4123-1] npm/fstream vulnerability
References: <20190905124312.78C5A26C248B@lillypilly.canonical.com>
In-Reply-To: <20190905124312.78C5A26C248B@lillypilly.canonical.com>

==========================================================================
Ubuntu Security Notice USN-4123-1
September 05, 2019

npm/fstream vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS

Summary:

npm/fstream could be made to overwrite files.

Software Description:
- node-fstream: Advanced filesystem streaming tools for Node.js

Details:

It was discovered that npm/fstream incorrectly handled certain crafted
tarballs. An attacker could use this vulnerability to write arbitrary files to
the filesystem.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
node-fstream 1.0.10-1ubuntu0.19.04.2

Ubuntu 18.04 LTS:
node-fstream 1.0.10-1ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4123-1
CVE-2019-13173

Package Information:
https://launchpad.net/ubuntu/+source/node-fstream/1.0.10-1ubuntu0.19.04.2
https://launchpad.net/ubuntu/+source/node-fstream/1.0.10-1ubuntu0.18.04.1

