Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 18.04 LTS USN-5259-3 Moderate: Fix Cron Regression Issues

Calendar May 10, 2022 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service privilege escalation ubuntu cron regression
USN-5259-1 and USN-5259-2 introduced a regression in Cron. 
=========================================================================Ubuntu Security Notice USN-5259-3
May 11, 2022

cron regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

USN-5259-1 and USN-5259-2 introduced a regression in Cron.

Software Description:
- cron: process scheduling daemon

Details:

USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

  It was discovered that the postinst maintainer script in Cron unsafely
  handled file permissions during package install or update operations.
  An attacker could possibly use this issue to perform a privilege
  escalation attack. (CVE-2017-9525)
   Florian Weimer discovered that Cron incorrectly handled certain memory
  operations during crontab file creation. An attacker could possibly use
  this issue to cause a denial of service. (CVE-2019-9704)
   It was discovered that Cron incorrectly handled user input during crontab
  file creation. An attacker could possibly use this issue to cause a denial
  of service. (CVE-2019-9705)
   It was discovered that Cron contained a use-after-free vulnerability in
  its force_rescan_user function. An attacker could possibly use this issue
  to cause a denial of service. (CVE-2019-9706)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   cron                            3.0pl1-128.1ubuntu1.2

Ubuntu 16.04 ESM:
   cron                            3.0pl1-128ubuntu2+esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5259-1
   https://ubuntu.com/security/notices/USN-5259-2
   https://ubuntu.com/security/notices/USN-5259-3
   https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1971895
   CVE-2017-9525

Package Information:
   https://launchpad.net/ubuntu/+source/cron/3.0pl1-128.1ubuntu1.2

Ubuntu 18.04 LTS USN-5259-3 Moderate: Fix Cron Regression Issues

ubuntu
Calendar Grey May 10, 2022
Dist Ubuntu Esm H88
Addresses the issues with Cron regression found in Ubuntu 16.04 and 18.04 LTS stemming from earlier system updates, alongside risks of privilege escalation.
USN-5259-1 and USN-5259-2 introduced a regression in Cron.

Summary

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation ubuntu cron regression

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: cron 3.0pl1-128.1ubuntu1.2 Ubuntu 16.04 ESM: cron 3.0pl1-128ubuntu2+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5259-1

https://ubuntu.com/security/notices/USN-5259-2

https://ubuntu.com/security/notices/USN-5259-3

https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1971895

CVE-2017-9525

May 11, 2022

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation ubuntu cron regression

Package Information

https://launchpad.net/ubuntu/+source/cron/3.0pl1-128.1ubuntu1.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here