Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 22.10: USN-6037-1 Moderate: Apache Commons Net Information Leak

ubuntu
Calendar Grey April 28, 2023
Dist Ubuntu Esm H88
Remain informed about the Apache Commons Net vulnerability impacting several Ubuntu versions as of April 2023.
Apache Commons Net could be made to expose sensitive information over the network.

Summary

Apache Commons Net could be made to expose sensitive information

over the network.

Software Description:

- libcommons-net-java: Apache Commons Net - Java client API for basic

Internet protocols

Details:

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted

the host from PASV responses by default. A remote attacker with a

malicious FTP server could redirect the client to another server, which

could possibly result in leaked information about services running on

the private network of the client.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
    libcommons-net-java             3.6-1+deb11u1build0.22.10.1

Ubuntu 22.04 LTS:
    libcommons-net-java             3.6-1+deb11u1build0.22.04.1

Ubuntu 20.04 LTS:
    libcommons-net-java             3.6-1+deb11u1build0.20.04.1

Ubuntu 18.04 LTS:
    libcommons-net-java             3.6-1+deb11u1build0.18.04.1

Ubuntu 16.04 ESM:
    libcommons-net-java             3.4-2ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6037-1

  CVE-2021-37533

Severity
important
Lowest
Low
Medium
High
Critical

April 28, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.