Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 16.04 LTS USN-4702-1 Critical: Pound Information Disclosure

ubuntu
Calendar Grey January 25, 2021
Dist Ubuntu Esm H88
Mitigation strategies for vulnerabilities in the pound server affecting Ubuntu 16.04 LTS, focusing on reducing risks associated with unauthorized remote access.
Several security issues were fixed in pound.

Summary

Several security issues were fixed in pound.

Software Description:

- pound: reverse proxy, load balancer and HTTPS front-end for Web servers

Details:

It was discovered that Pound incorrectly handled certain HTTP requests

A remote attacker could use it to retrieve some sensitive

information. (CVE-2016-10711, CVE-2018-21245)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  pound                           2.6-6.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4702-1

CVE-2016-10711, CVE-2018-21245

Severity
critical
Lowest
Low
Medium
High
Critical

January 25, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.