You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libproxy

Sigurnosni nedostatak programske biblioteke libproxy

by Vlatka Mišić - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4673-1
January 04, 2021

libproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

libproxy could be made to crash or execute arbitrary code if it received a specially
crafted file.

Software Description:
– libproxy: automatic proxy configuration management library

Details:

Li Fei discovered that libproxy incorrectly handled certain PAC files.
An attacker could possibly use this issue to cause a crash or execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libproxy1v5 0.4.15-13ubuntu1.1

Ubuntu 20.04 LTS:
libproxy1v5 0.4.15-10ubuntu1.2

Ubuntu 18.04 LTS:
libproxy1v5 0.4.15-1ubuntu0.2

Ubuntu 16.04 LTS:
libproxy1v5 0.4.11-5ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4673-1
CVE-2020-26154

Package Information:
https://launchpad.net/ubuntu/+source/libproxy/0.4.15-13ubuntu1.1
https://launchpad.net/ubuntu/+source/libproxy/0.4.15-10ubuntu1.2
https://launchpad.net/ubuntu/+source/libproxy/0.4.15-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libproxy/0.4.11-5ubuntu1.2
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl/zHi0ACgkQRbznW4QL
H2lSZBAAtnfYHAVHvFdip0AsuCM6ctpdSDSVc/L6fD6C+OWn/UOZD/61PvVGYQiK
ecCxWY2kNrQ3zSvqzuFQjYrmN1xeEEz5l5hWnyHrtS/FM6F/Pt9mwbpZan28KI3E
i66z4wRnc3sUaEp6mQTXntCrV20EKFiJcFzJDDHLWv57v5uHUtpgiGsiVPaXgIMH
7L+PhZSkVjRNCU7kQekU0jD6McwPxNaNB/vRskILfTh5j6J94e4xJjOIBFniBdty
Qlf4Lak0WzhbgVWqTPLxYH/YilDa4K9+nYbG8h6GLiiOYINkGAmqy/nHEq0EIIhM
f/ufrK3MbaSCRd7xPhcczTtoYZ1WUhyeIgWfmN/sGqj/1SkHaZIZ75/8tgq1da4I
U73UsYeYFMv0hiEegaOS94o0WkoOLbhdyrmYKCjolh1V5Y65yDN3rSrasf+0WAWR
lYkac7vRvQpfi8b8a0AWOS4b0JhABzTospq2tbj/8syiuZeziwwG4PQUh4anbejj
oCsccmsGRIj8gbOxDB1h2ISA5rGEtlwdEemWBS88zOSMYiOe1P/P8o+DlZfUlpoR
RSR4AXt9RTeB8pcsdsHPea8T53UpMi7JQhB1x2q2cmWpsVSZTV8ILo47399TvOoy
W6yN5UklRJu0uDdRTRUoKzhiA+TF8A1oEZg3vbsHJeGfobc8i9o=
=XVO3
—–END PGP SIGNATURE—–

AutorDona Šeruga
Cert idNCERT-REF-2021-01-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Vlatka Mišić
Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close