Explore top 10 tips to secure your open-source projects now. Read More
×
Apache Commons Net could be made to expose sensitive information
over the network.
Software Description:
- libcommons-net-java: Apache Commons Net - Java client API for basic
Internet protocols
Details:
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted
the host from PASV responses by default. A remote attacker with a
malicious FTP server could redirect the client to another server, which
could possibly result in leaked information about services running on
the private network of the client.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libcommons-net-java 3.6-1+deb11u1build0.22.10.1 Ubuntu 22.04 LTS: libcommons-net-java 3.6-1+deb11u1build0.22.04.1 Ubuntu 20.04 LTS: libcommons-net-java 3.6-1+deb11u1build0.20.04.1 Ubuntu 18.04 LTS: libcommons-net-java 3.6-1+deb11u1build0.18.04.1 Ubuntu 16.04 ESM: libcommons-net-java 3.4-2ubuntu2+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6037-1
CVE-2021-37533
Get the latest Linux and open source security news straight to your inbox.