Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 22.04 LTS USN-5889-1 Critical: ZoneMinder XSS And DoS

ubuntu
Calendar Grey February 27, 2023
Dist Ubuntu Esm H88
This bulletin addresses critical enhancements for ZoneMinder on Ubuntu, rectifying various vulnerabilities including XSS and buffer overflow issues.
Several security issues were fixed in ZoneMinder.

Summary

Several security issues were fixed in ZoneMinder.

Software Description:

- zoneminder: video camera security and surveillance solution

Details:

It was discovered that ZoneMinder was not properly sanitizing URL

parameters for certain views. An attacker could possibly use this issue to

perform a cross-site scripting (XSS) attack. This issue was only fixed in

Ubuntu 16.04 ESM. (CVE-2019-6777)

It was discovered that ZoneMinder was not properly sanitizing stored user

input later printed to the user in certain views. An attacker could

possibly use this issue to perform a cross-site scripting (XSS) attack.

This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,

CVE-2019-6992)

It was discovered that ZoneMinder was not properly limiting data size and

not properly performing bound checks when processing username and password

data, which could lead to a stack buffer overflow. An attacker could

possibly use this issue to bypass authentication, cause a denial of

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   zoneminder                      1.36.12+dfsg1-1ubuntu0.1~esm1

Ubuntu 20.04 LTS:
   zoneminder                      1.32.3-2ubuntu2+esm1

Ubuntu 16.04 ESM:
   zoneminder                      1.29.0+dfsg-1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5889-1

  CVE-2019-6777, CVE-2019-6990, CVE-2019-6991, CVE-2019-6992,

  CVE-2019-7325, CVE-2019-7326, CVE-2019-7327, CVE-2019-7328,

  CVE-2019-7329, CVE-2019-7330, CVE-2019-7331, CVE-2019-7332,

  CVE-2022-29806

Severity
critical
Lowest
Low
Medium
High
Critical

February 27, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here