========================================================================== Ubuntu Security Notice USN-4405-1 June 29, 2020
glib-networking vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. Software Description: - glib-networking: Network extensions for GLib Details: It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: glib-networking 2.64.2-1ubuntu0.1 Ubuntu 19.10: glib-networking 2.62.1-1ubuntu0.1 Ubuntu 18.04 LTS: glib-networking 2.56.0-1ubuntu0.1 Ubuntu 16.04 LTS: glib-networking 2.48.2-1~ubuntu16.04.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4405-1 CVE-2020-13645 Package Information: https://launchpad.net/ubuntu/+source/glib-networking/2.64.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/glib-networking/2.62.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/glib-networking/2.56.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/glib-networking/2.48.2-1~ubuntu16.04.2
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
