drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Cron
| Name: |
Mehrere Probleme in Cron |
|
| ID: |
USN-5259-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 ESM |
|
| Datum: |
Di, 1. Februar 2022, 22:11 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9705
https://ubuntu.com/security/notices/USN-5259-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9704 |
|
| Applikationen: |
vixie-cron |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6238519046224291918==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------0JEdLrByz7nowYHG731mgLPe"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------0JEdLrByz7nowYHG731mgLPe
Content-Type: multipart/mixed;
boundary="------------SXydvr9kZG0AMbTu950gRpFJ";
protected-headers="v1"
From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <fbe4cc8d-8941-5510-b336-6998dbe9d20f@canonical.com>
Subject: [USN-5259-1] Cron vulnerabilities
References: <20220201143914.CECF026C2990@lillypilly.canonical.com>
In-Reply-To: <20220201143914.CECF026C2990@lillypilly.canonical.com>
--------------SXydvr9kZG0AMbTu950gRpFJ
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-5259-1
February 01, 2022
cron vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Cron.
Software Description:
- cron: process scheduling daemon
Details:
It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)
Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)
It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)
It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
cron 3.0pl1-128ubuntu2+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5259-1
CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706
|
|
|
|
