Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Ubuntu 23.10: USN-6589-1 moderate: filezilla information exposure

ubuntu
Calendar Grey January 18, 2024
Dist Ubuntu Esm H88
A critical flaw in FileZilla affects multiple Ubuntu releases, posing a threat to confidential information. Please upgrade without delay.
FileZilla could be made to expose sensitive information over the network.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: FileZilla could be made to expose sensitive information over the network. Software Description: - filezilla: Full-featured graphical FTP/FTPS/SFTP client Details: Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.

Topics%20covered

Topics Covered

security advisory moderate threat information exposure ubuntu ssh filezilla

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: filezilla 3.65.0-3ubuntu0.1 filezilla-common 3.65.0-3ubuntu0.1 Ubuntu 22.04 LTS: filezilla 3.58.0-1ubuntu0.1 filezilla-common 3.58.0-1ubuntu0.1 Ubuntu 20.04 LTS: filezilla 3.46.3-1ubuntu0.1 filezilla-common 3.46.3-1ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6589-1

CVE-2023-48795

Ubuntu Security Notice USN-6589-1

Topics%20covered

Topics Covered

security advisory moderate threat information exposure ubuntu ssh filezilla

Package Information

https://launchpad.net/ubuntu/+source/filezilla/3.46.3-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here