You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa freetds

Sigurnosni nedostatak programskog paketa freetds

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4173-1
October 30, 2019

freetds vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS

Summary:

FreeTDS could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– freetds: libraries for connecting to MS SQL and Sybase SQL servers

Details:

Felix Wilhelm discovered that FreeTDS incorrectly handled certain types
after a protocol downgrade. A remote attacker could use this issue to cause
FreeTDS to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
freetds-bin 1.1.6-1ubuntu0.1
libct4 1.1.6-1ubuntu0.1
libsybdb5 1.1.6-1ubuntu0.1
tdsodbc 1.1.6-1ubuntu0.1

Ubuntu 19.04:
freetds-bin 1.00.104-1ubuntu0.1
libct4 1.00.104-1ubuntu0.1
libsybdb5 1.00.104-1ubuntu0.1
tdsodbc 1.00.104-1ubuntu0.1

Ubuntu 18.04 LTS:
freetds-bin 1.00.82-2ubuntu0.1
libct4 1.00.82-2ubuntu0.1
libsybdb5 1.00.82-2ubuntu0.1
tdsodbc 1.00.82-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4173-1
CVE-2019-13508

Package Information:
https://launchpad.net/ubuntu/+source/freetds/1.1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/freetds/1.00.104-1ubuntu0.1
https://launchpad.net/ubuntu/+source/freetds/1.00.82-2ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl25sJIACgkQZWnYVadE
vpN8nA/9FPz6nQg+XGVTS4IgLROKD0PuS8Otx3H7v5uVtwZkWPnSWD8mq/5Zwynp
0nyXerJPZFmklbeyxEdJHErg3H/gtgwfjrzUJFJYp6BA0vSxxpPVw02z8dm3dfqP
BENuZ4AtBUMEbgZhz7YV56YJV5Or5ZRpKp+ufbXEj/R8vrDl7u7gRNKyzyDmuPS0
m9UYbSMnKOVa3jbluipYnHivSwI/cAGUWpyZt8PBQJ4en4ejLR0vlkSM31lbsK6t
FnR+kCCH6EgJNttExUMzLQG1hq/HEhDJ3ehafNbUE1n1JMdcdJxQEbJoAXFCfG9z
TgrBcowYSlwCfvxpom182DcHxAtoeV/AUEXB2dPJ54j4D/1lK4jO6kuikFmc8k+g
dWg0do4uZRRCa/HRjRYKOsPfCaFBkzRigSQRy/VnhCxOBAR1gPg/mexLsD79rJe5
e+rfCNVQ1fKngku7oZJIYc+kj2Ab3ci/7yYg9Bt+VbQNpe4eJ2EDUWppS2Xi2wCs
S+UzsUJyLUissHQzMi88c80Eu68XkbyAjezWuhn/LIzPL6Wmkta2Y3dyufM+ZM8M
+TQ5+Nq7VZgmwy+NNWQwg3fsQNWVG97xJ+Gdo3mEItpWQP1bsi+bBp2NlAEx2iV1
bbB2nn6TCwvnkwi+uZMXgaL3hSXRcX9T/h4nmlO22IvJ2Fj/8Bw=
=GW1S
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa samba

Otkriven je sigurnosni nedostatak u programskom paketu samba za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija...

Close