Security: Multiple issues in Cron
Name: Multiple issues in Cron
ID: USN-5259-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 ESM
Date: Tue, February 1, 2022, 22:11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9705
https://ubuntu.com/security/notices/USN-5259-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9704
Applications: vixie-cron
Original message
From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <fbe4cc8d-8941-5510-b336-6998dbe9d20f@canonical.com>
Subject: [USN-5259-1] Cron vulnerabilities
References: <20220201143914.CECF026C2990@lillypilly.canonical.com>
In-Reply-To: <20220201143914.CECF026C2990@lillypilly.canonical.com>
==========================================================================
Ubuntu Security Notice USN-5259-1
February 01, 2022
cron vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Cron.
Software Description:
- cron: process scheduling daemon
Details:
It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)
Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704)
It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705)
It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  cron    3.0pl1-128ubuntu2+esm1
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-5259-1
  CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706