Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 20.04 LTS: USN-4405-1 Critical: glib-networking Information Exposure

ubuntu
Calendar Grey June 29, 2020
Dist Ubuntu Esm H88
Ubuntu Security Update USN-4405-1 resolves a glib-networking vulnerability that could leak confidential data to malicious entities.
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Summary

Fraudulent security certificates could allow sensitive

information to be exposed when accessing the Internet.

Software Description:

- glib-networking: Network extensions for GLib

Details:

It was discovered that glib-networking skipped hostname certificate

verification if the application failed to specify the server

identity. A remote attacker could use this to perform a

person-in-the-middle attack and expose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  glib-networking                 2.64.2-1ubuntu0.1

Ubuntu 19.10:
  glib-networking                 2.62.1-1ubuntu0.1

Ubuntu 18.04 LTS:
  glib-networking                 2.56.0-1ubuntu0.1

Ubuntu 16.04 LTS:
  glib-networking                 2.48.2-1~ubuntu16.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4405-1

CVE-2020-13645

Severity
critical
Lowest
Low
Medium
High
Critical

June 29, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.