Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 20.04 LTS: USN-4539-1 Critical: AWL Session Impersonation Threat

ubuntu
Calendar Grey September 24, 2020
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-4539-1 discusses a critical flaw concerning Ubuntu 20.04 LTS, which leads to session instability issues.
DAViCal Andrew's Web Libraries could be made to run programs as your login if it received specially crafted input.

Summary

DAViCal Andrew's Web Libraries could be made to run programs as your login

if it received specially crafted input.

Software Description:

- awl: PHP Utility Libraries

Details:

Andrew Bartlett discovered that DAViCal Andrew's Web Libraries (AWL) did

not properly manage session keys. An attacker could possibly use this

issue to impersonate a session. (CVE-2020-11728)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libawl-php                      0.60-1+deb10u1ubuntu1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4539-1

CVE-2020-11728

Severity
critical
Lowest
Low
Medium
High
Critical

September 24, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here