========================================================================== Ubuntu Security Notice USN-4643-1 November 24, 2020
atftp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: atftp could be made to crash or run programs if it received specially crafted network traffic. Software Description: - atftp: Advanced TFTP Server and Client Details: It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service (crash) or possibly execute arbitrary code. (CVE-2019-11365) It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference. (CVE-2019-11366) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: atftp 0.7.git20120829-3.1~0.16.04.1 atftpd 0.7.git20120829-3.1~0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4643-1 CVE-2019-11365, CVE-2019-11366 Package Information: https://launchpad.net/ubuntu/+source/atftp/0.7.git20120829-3.1~0.16.04.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
