USN-4518-1: xawtv vulnerability
17 September 2020
xawtv could be made to expose sensitive information and escalate user privileges if it received specially crafted input.
Releases
Packages
- xawtv - X11 program for watching TV
Details
Matthias Gerstner discovered that xawtv incorrectly handled opening files.
A local attacker could possibly use this issue to open and write to
arbitrary files and escalate privileges. (CVE-2020-13696)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
alevtd
-
3.103-3+deb8u1build0.16.04.1
-
fbtv
-
3.103-3+deb8u1build0.16.04.1
-
pia
-
3.103-3+deb8u1build0.16.04.1
-
radio
-
3.103-3+deb8u1build0.16.04.1
-
scantv
-
3.103-3+deb8u1build0.16.04.1
-
streamer
-
3.103-3+deb8u1build0.16.04.1
-
ttv
-
3.103-3+deb8u1build0.16.04.1
-
v4l-conf
-
3.103-3+deb8u1build0.16.04.1
-
webcam
-
3.103-3+deb8u1build0.16.04.1
-
xawtv
-
3.103-3+deb8u1build0.16.04.1
-
xawtv-plugin-qt
-
3.103-3+deb8u1build0.16.04.1
-
xawtv-plugins
-
3.103-3+deb8u1build0.16.04.1
-
xawtv-tools
-
3.103-3+deb8u1build0.16.04.1
In general, a standard system update will make all the necessary changes.