Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: USN-4517-1 Critical: Email-Address-List DoS

ubuntu
Calendar Grey September 18, 2020
Dist Ubuntu Esm H88
This advisory warns of a vulnerability in the Email-Address-List module for various Ubuntu versions, potentially risking privacy and system integrity
Email-Address-List could be made to remotely exhaust resources if it received specially crafted email data.

Summary

Email-Address-List could be made to remotely exhaust resources if it

received specially crafted email data.

Software Description:

- libemail-address-list-perl: RFC close address list parsing

Details:

It was discovered that Email-Address-List does not properly parse email

addresses during email-ingestion. A remote attacker could use this issue

to cause an algorithmic complexity attack, resulting in a denial of

service. (CVE-2018-18898)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libemail-address-list-perl      0.05-1+deb9u1build0.18.04.1

Ubuntu 16.04 LTS:
  libemail-address-list-perl      0.05-1+deb9u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4517-1

CVE-2018-18898

Severity
critical
Lowest
Low
Medium
High
Critical

September 17, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here