USN-4508-1: StoreBackup vulnerability

16 September 2020

StoreBackup could be made to stop executing or generate a race condition if it received a lock file in the default location.

Releases

Packages

  • storebackup - fancy compressing managing checksumming deduplicating hard-linkin

Details

It was discovered that StoreBackup did not properly manage lock files.
A local attacker could use this issue to cause a denial of service or
escalate privileges and run arbitrary code. (CVE-2020-7040)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References