
Ubuntu 18.04: USN-4540-1 Moderate: atftpd Denial Of Service

September 24, 2020
Multiple vulnerabilities in atftpd were addressed for Ubuntu 18.04. Updating is advised to keep affected systems safe and reliable.
Summary

Several security issues were fixed in atftpd.

Software Description:

- atftp: Advanced TFTP Server and Client

Details:

Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)

Denis Andzakovic discovered that atftpd did not properly lock the thread
list mutex. An attacker could send a large number of tftpd packets
simultaneously when running atftpd in daemon mode to cause atftpd to
crash, resulting in a denial of service. (CVE-2019-11366)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  atftpd                          0.7.git20120829-3.1~0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4540-1

CVE-2019-11365, CVE-2019-11366

September 24, 2020
