
Ubuntu 20.04 LTS USN-6282-1 Critical: Velocity Tools Arbitrary Code

August 10, 2023
A vulnerability in Velocity Tools could lead to unauthorized code execution on Ubuntu machines. Critical patches have been released.

Summary

Velocity Tools could be made to run arbitrary code if it opened a specially
crafted file.

Software Description:

- velocity-tools: A subproject of the Apache Velocity project

Details:

Jackson Henry discovered that Velocity Tools incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   libvelocity-tools-java          2.0-7ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libvelocity-tools-java          2.0-7ubuntu0.18.04.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libvelocity-tools-java          2.0-4ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6282-1

CVE-2020-13959

Severity
critical
