• Software Properties vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, August 12, 2020 12:10:03
    software-properties vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Software Properties could be made to manipulate the display.

    Software Description

    * software-properties - manage the repositories that you install
    software from

    Details

    Jason A. Donenfeld discovered that Software Properties incorrectly
    filtered certain escape sequences when displaying PPA
    descriptions. If a user were tricked into adding an arbitrary PPA,
    a remote attacker could possibly manipulate the screen.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    python3-software-properties - 0.98.9.2
    software-properties-common - 0.98.9.2

    Ubuntu 18.04 LTS
    python3-software-properties - 0.96.24.32.14
    software-properties-common - 0.96.24.32.14

    Ubuntu 16.04 LTS
    python-software-properties - 0.96.20.10
    python3-software-properties - 0.96.20.10
    software-properties-common - 0.96.20.10

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-15709

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 17, 2020 12:10:02
    software-properties vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Software Properties could be made to manipulate the display.

    Software Description

    * software-properties - manage the repositories that you install
    software from

    Details

    USN-4457-1 fixed a vulnerability in Software. This update provides
    the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Jason A. Donenfeld discovered that Software Properties incorrectly
    filtered certain escape sequences when displaying PPA
    descriptions. If a user were tricked into adding an arbitrary PPA,
    a remote attacker could possibly manipulate the screen.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    python-software-properties - 0.92.37.8ubuntu0.1~esm1
    python3-software-properties - 0.92.37.8ubuntu0.1~esm1
    software-properties-common - 0.92.37.8ubuntu0.1~esm1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4457-1
    * CVE-2020-15709

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)