USN-4457-1: Software Properties vulnerability

12 August 2020

Software Properties could be made to manipulate the display.

Releases

Packages

Details

Jason A. Donenfeld discovered that Software Properties incorrectly filtered
certain escape sequences when displaying PPA descriptions. If a user were
tricked into adding an arbitrary PPA, a remote attacker could possibly
manipulate the screen.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References

Related notices

  • USN-4457-2: python-software-properties, software-properties-common, python3-software-properties, software-properties-gtk, software-properties-kde, software-properties