USN-4523-1: LibOFX vulnerability

21 September 2020

LibOFX could be made to crash.

Releases

Packages

  • libofx - client-side implementation of Open Financial Exchange specification

Details

It was discovered that LibOFX did not properly check for errors in certain
situations, leading to a NULL pointer dereference. A remote attacker could
use this issue to cause a denial of service attack. (CVE-2019-9656)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References