Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 16.04 LTS USN-4518-1 Moderate: xawtv Information Exposure

ubuntu
Calendar Grey September 17, 2020
Dist Ubuntu Esm H88
Important Ubuntu Security Bulletin USN-4518-1 highlights a vulnerability in xawtv and provides essential remediation steps.
xawtv could be made to expose sensitive information and escalate user privileges if it received specially crafted input.

Summary

xawtv could be made to expose sensitive information and escalate

user privileges if it received specially crafted input.

Software Description:

- xawtv: X11 program for watching TV

Details:

Matthias Gerstner discovered that xawtv incorrectly handled opening files.

A local attacker could possibly use this issue to open and write to

arbitrary files and escalate privileges. (CVE-2020-13696)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  alevtd                          3.103-3+deb8u1build0.16.04.1
  fbtv                            3.103-3+deb8u1build0.16.04.1
  pia                             3.103-3+deb8u1build0.16.04.1
  radio                           3.103-3+deb8u1build0.16.04.1
  scantv                          3.103-3+deb8u1build0.16.04.1
  streamer                        3.103-3+deb8u1build0.16.04.1
  ttv                             3.103-3+deb8u1build0.16.04.1
  v4l-conf                        3.103-3+deb8u1build0.16.04.1
  webcam                          3.103-3+deb8u1build0.16.04.1
  xawtv                           3.103-3+deb8u1build0.16.04.1
  xawtv-plugin-qt                 3.103-3+deb8u1build0.16.04.1
  xawtv-plugins                   3.103-3+deb8u1build0.16.04.1
  xawtv-tools                     3.103-3+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4518-1

CVE-2020-13696

Severity
important
Lowest
Low
Medium
High
Critical

September 17, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here