-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmeZhOYFAwAAAAAACgkQuGrtzot7pOeu
nQwAiQWi2OCg8DUKT2P2TN4IRFYBRPZbocLNxtCiwO4PFTAP1DtK7Th+d55H+bCmxS5Qx8mxKNpW
1dSlhucCJwOwM/LSaKIYlzkxfm5wPvMvhi2z0Q6zOaEYD4uvyPP4DgIgD/X4GmGHbBapcseXKAr0
QEAg4vkSHw8HLyetyIzEHKrEz3asobnbu2vNhjmqdhF3g/djyil2rPrfAwMQe53aVbIs5QdJIMpn
hZS8Y+l/KMOsnlWd0RjVBR4/IJKrGRn4TaORmnISA28Buo43x397tGkXlvP5rqIeJbEYU2rcqYLS
k0Imts+aT2Xe7zTPlaVNsNnFBUQR/WcTja557PtwMiwQUNFeuq9KIbf8BAyoErvecIygdREcJ1PI
wH9ihJKECr4/jLWh/6ENuHxuaalY0mkJehkklDXWy8Y+nsWb+60IqhYYNT6h6gQPWt68oI8L33ba
BbgQhn2pkW82dreSgDv/8av3F7lwXSEWXtuhzslpco+JNB5AOax7AAre5orc
=fxst
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7239-1
January 28, 2025
libmicrodns vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in libmicrodns.
Software Description:
- libmicrodns: minimal mDNS resolver and announcer library
Details:
It was discovered that libmicrodns could recursively follow the same
compression pointer, leading to an infinite loop. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-6071)
It was discovered that libmicrodns did not check the return value of the
rr_decode function, which could lead to a double free. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-6072)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6073)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to a out-of-bounds read. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6077)
It was discovered that libmicrodns incorrectly handled memory when parsing
mDNS messages in mdns_recv, which could lead to a NULL pointer dereference.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-6078)
It was discovered that libmicrodns incorrectly handled memory, which could
lead to excessive memory consumption due to memory leaks. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2020-6079, CVE-2020-6080)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libmicrodns0 0.0.8-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7239-1
CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077,
CVE-2020-6078, CVE-2020-6079, CVE-2020-6080
No comments:
Post a Comment