Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 18.04 LTS: USN-4569-1 Critical: Yaws Remote Exploits

ubuntu
Calendar Grey October 5, 2020
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4570-1 outlines the security issues related to the Nginx service and highlights the essential updates required for Ubuntu 20.04 LTS.
Several security issues were fixed in Yaws.

Summary

Several security issues were fixed in Yaws.

Software Description:

- yaws: High performance HTTP 1.1 webserver written in Erlang

Details:

It was discovered that Yaws did not properly sanitize XML input. A remote

attacker could use this vulnerability to execute an XML External Entity

(XXE) injection attack. (CVE-2020-24379)

It was discovered that Yaws mishandled certain input when running CGI

scripts. A remote attacker could use this vulnerability to execute

arbitrary commands. (CVE-2020-24916)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  erlang-yapp                     2.0.4+dfsg-2ubuntu0.1
  erlang-yaws                     2.0.4+dfsg-2ubuntu0.1
  yaws                            2.0.4+dfsg-2ubuntu0.1
  yaws-mail                       2.0.4+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4569-1

CVE-2020-24379, CVE-2020-24916

Severity
critical
Lowest
Low
Medium
High
Critical

October 05, 2020

Package Information

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here