Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Ubuntu 23.10: USN-6589-1 moderate: filezilla information exposure

ubuntu
Calendar Grey January 18, 2024
Dist Ubuntu Esm H88
A critical flaw in FileZilla affects multiple Ubuntu releases, posing a threat to confidential information. Please upgrade without delay.
FileZilla could be made to expose sensitive information over the network.

Summary

FileZilla could be made to expose sensitive information over the

network.

Software Description:

- filezilla: Full-featured graphical FTP/FTPS/SFTP client

Details:

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH

protocol used in FileZilla is prone to a prefix truncation attack, known as

the "Terrapin attack". A remote attacker could use this issue to downgrade or

disable some security features and obtain sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  filezilla                       3.65.0-3ubuntu0.1
  filezilla-common                3.65.0-3ubuntu0.1

Ubuntu 22.04 LTS:
  filezilla                       3.58.0-1ubuntu0.1
  filezilla-common                3.58.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  filezilla                       3.46.3-1ubuntu0.1
  filezilla-common                3.46.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6589-1

CVE-2023-48795

Ubuntu Security Notice USN-6589-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.