Mangelnde Eingabeprüfung in Software Properties (Aktualisierung)
ID: | USN-4457-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 ESM |
Datum: | Mo, 17. August 2020, 22:27 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15709 |
Applikationen: | Software Properties |
Update von: | Mangelnde Eingabeprüfung in Software Properties |
Originalnachricht |
|
--===============5480166094537691777== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline --FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4457-2 August 17, 2020 software-properties vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Software Properties could be made to manipulate the display. Software Description: - software-properties: manage the repositories that you install software from Details: USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: python-software-properties 0.92.37.8ubuntu0.1~esm1 python3-software-properties 0.92.37.8ubuntu0.1~esm1 software-properties-common 0.92.37.8ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4457-2 https://usn.ubuntu.com/4457-1 CVE-2020-15709 --FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl86me0ACgkQRbznW4QL H2lttQ//faoxhP9LZEyi58+AtIIrOC6oDBV+HjuQNKeziykqNb1W3xPpWY4VRtRQ s6+mO/1sBYIglWoY/9VhWZ3FZWUiFJKPpe3Eb1n5Wdp9NTN/mzyUrOU1M7O620UR xWSyVLszf1RIUYvSuHQYG60eUgau2fndWGr9qXD+A9/xB+8pqEsOvW5oST0RIjlH LdTDQedD12vCXZElzYJtEGoaxG+v62wwHnr9aLmNvoZ8fxhmvUdO6AXwiM5UV0Eo 3pcjoCmdOWgDyDC0uoXRkDhE04KeT9+RlWhqm6s0KotjHGTrrRepxBhl1AW2CqeB 2sV0lHMmxZudOr/dKhKzrTBKIxnFzg0GCJlbB9GZ5nrBZtigSeeHMDl+/H4nXdtb Jvm9Xf/SshSkpkKDjorp9b1Oyh3pmBlqNpolhnSVzIs2t8anwlsq/wJ8fkjIdc9F Ww2jwVv/QayN8nc00F+1YNgwuluKievT7cspG1dOM0mxB8Fu/9a8hvjbCtF1OkK+ eFQBeg2nmpQmRcAzpZ93TjDqi3Ra1+czwPv6Hx3+NuDbXDCWRE75+2eLIgy+BBtp m/DdiaDBAvbxTbbGhomr/Gt3udDzXbg2gSxAqoytilvcVwtgq038kp44ws6QG1vc Bza0uhMUPDevd78ZipnNLvwoJpoW1uyh3WtLdqIR7ea8ziBUbsk= =XpUd -----END PGP SIGNATURE----- --FL5UXtIhxfXey3p5-- --===============5480166094537691777== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |