Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Critical Tang Key Access Vulnerability in Ubuntu 23.04 USN-6489-1

ubuntu
Calendar Grey November 20, 2023
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-6490-1 highlights a critical flaw in the curl library, which may permit unauthorized exposure of sensitive data.
Tang could allow unintended access to secret keys.

Summary

Tang could allow unintended access to secret keys.

Software Description:

- tang: network-based cryptographic binding server

Details:

Brian McDermott discovered that Tang incorrectly handled permissions when

creating/rotating keys. A local attacker could possibly use this issue to

read the keys.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   tang-common                     11-2ubuntu0.1

Ubuntu 22.04 LTS:
   tang-common                     11-1ubuntu0.1

Ubuntu 20.04 LTS:
   tang                            7-1ubuntu0.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   tang                            6-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6489-1

  CVE-2023-1672

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6489-1

Package Information

  https://launchpad.net/ubuntu/+source/tang/11-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/tang/11-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/tang/7-1ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here