Several security issues were fixed in atftpd.. =========================================================================Ubuntu Security Notice USN-4540-1 September 24, 2020 atftp vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in atftpd. Software Description: - atftp: Advanced TFTP Server and Client Details: Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11365) Denis Andzakovic discovered that atftpd did not properly lock the thread list mutex. An attacker could send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11366) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: atftpd 0.7.git20120829-3.1~0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4540-1 CVE-2019-11365, CVE-2019-11366 Package Information: https://launchpad.net/ubuntu/+source/atftp/0.7.git20120829-3.1~0.18.04.1 . Multiple vulnerabilities addressed in atftpd for Ubuntu 18.04. It is advisable to perform an update to ensure system safety and reliability.. atftp vulnerabilities, Ubuntu update, security issues, denial of service, remote exploitation. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.