atftp could be made to crash if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-6375-1
September 15, 2023

atftp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

atftp could be made to crash if it received specially crafted network traffic.

Software Description:
- atftp: Advanced TFTP Server and Client

Details:

Florian Fainelli discovered that atftp did not properly manage requests made to a non-existent file, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  atftpd  0.8.0-3build0.23.04.1

Ubuntu 22.04 LTS:
  atftpd  0.7.git20210915-4build1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6375-1
  https://bugs.launchpad.net/ubuntu/+source/atftp/+bug/1989816

Package Information:
  https://launchpad.net/ubuntu/+source/atftp/0.8.0-3build0.23.04.1
  https://launchpad.net/ubuntu/+source/atftp/0.7.git20210915-4build1

A critical vulnerability in the atftp package on Ubuntu may allow remote attackers to trigger a denial of service. Users should apply patches urgently.

Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in atftp.

==========================================================================
Ubuntu Security Notice USN-6334-1
September 04, 2023

atftp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in atftp.

Software Description:
- atftp: Advanced TFTP Server and Client

Details:

Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2020-6097)

Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2021-41054)

Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server disclose /etc/group data. (CVE-2021-46671)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  atftpd  0.7.git20120829-3.1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  atftpd  0.7.git20120829-3.1~0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  atftpd  0.7.git20120829-3.1~0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6334-1
  CVE-2020-6097, CVE-2021-41054, CVE-2021-46671

Package Information:
  https://launchpad.net/ubuntu/+source/atftp/0.7.git20120829-3.1ubuntu0.1

A number of security flaws in atftp have been identified, impacting various Ubuntu LTS versions, along with detailed remediation steps provided.

Severity: Critical. LinuxSecurity.com Team
An issue has been found in package atftp, an advanced TFTP client/server. Due to missing bounds checks, data could be read behind a buffer so that

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3028-1
An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for atftp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0881-1
Rating:             low
References:         #1195619
Cross-References:   CVE-2021-46671
CVSS scores:
  CVE-2021-46671 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-46671 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for atftp fixes the following issues:

- CVE-2021-46671: Fixed a potential information leak in atftpd (bsc#1195619).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-881=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  atftp-0.7.0-160.14.1
  atftp-debuginfo-0.7.0-160.14.1
  atftp-debugsource-0.7.0-160.14.1

References:
  https://www.suse.com/security/cve/CVE-2021-46671.html
  https://bugzilla.suse.com/1195619

The latest atftp update addresses a minor information leak vulnerability classified as low severity. Refer to the patch instructions for steps on how to apply the fix.

Severity: Low. LinuxSecurity.com Team
Two issues have been found in atftp, an advanced TFTP client. Both are related to sending crafted requests to the server and triggering a denial of service due to, for example, a buffer overflow.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2820-1
An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for atftp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3237-1
Rating:             moderate
References:         #1190522
Cross-References:   CVE-2021-41054
CVSS scores:
  CVE-2021-41054 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for atftp fixes the following issues:

- CVE-2021-41054: Fixed buffer overflow caused by combination of data, OACK, and other options (bsc#1190522).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3237=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  atftp-0.7.0-160.11.1
  atftp-debuginfo-0.7.0-160.11.1
  atftp-debugsource-0.7.0-160.11.1

References:
  https://www.suse.com/security/cve/CVE-2021-41054.html
  https://bugzilla.suse.com/1190522

The latest SUSE Security Update addresses a critical buffer overflow vulnerability in atftp. Advisory ID: SUSE-SU-2021:3245-1.

LinuxSecurity.com Team
The package atftp before version 0.7.2-3 is vulnerable to denial of service.

Arch Linux Security Advisory ASA-202101-24
=========================================

Severity: Medium
Date    : 2021-01-12
CVE-ID  : CVE-2020-6097
Package : atftp
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1395

Summary
=======

The package atftp before version 0.7.2-3 is vulnerable to denial of service.

Resolution
==========

Upgrade to 0.7.2-3.

# pacman -Syu "atftp>=0.7.2-3"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.2. A specially crafted sequence of RRQ-Multicast requests triggers an assert() call resulting in denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Impact
======

A malicious remote user might crash the application by performing a sequence of crafted queries.

References
==========

https://bugs.archlinux.org/task/69175
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
https://security.archlinux.org/CVE-2020-6097

The security notice for Arch Linux, ASA-202102-48, informs users of a moderate risk buffer overflow vulnerability found in the package xyztool, which affects versions before 1.4.1-2.

Severity: Medium. LinuxSecurity.com Team
atftp could be made to crash or run programs if it received specially crafted network traffic.

=========================================================================
Ubuntu Security Notice USN-4643-1
November 24, 2020

atftp vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

atftp could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- atftp: Advanced TFTP Server and Client

Details:

It was discovered that atftp's FTP server did not properly handle certain input. An attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2019-11365)

It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  atftp   0.7.git20120829-3.1~0.16.04.1
  atftpd  0.7.git20120829-3.1~0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4643-1
  CVE-2019-11365, CVE-2019-11366

Package Information:
  https://launchpad.net/ubuntu/+source/atftp/0.7.git20120829-3.1~0.16.04.1

-- 
ubuntu-security-announce mailing list