USN-4677-1: p11-kit vulnerabilities

Releases

• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• p11-kit - p11-glue utilities

Details

David Cook discovered that p11-kit incorrectly handled certain memory
operations. An attacker could use this issue to cause p11-kit to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

• libp11-kit0 - 0.23.21-2ubuntu0.1
• p11-kit - 0.23.21-2ubuntu0.1
• p11-kit-modules - 0.23.21-2ubuntu0.1

Ubuntu 20.04

• libp11-kit0 - 0.23.20-1ubuntu0.1
• p11-kit - 0.23.20-1ubuntu0.1
• p11-kit-modules - 0.23.20-1ubuntu0.1

Ubuntu 18.04

• libp11-kit0 - 0.23.9-2ubuntu0.1
• p11-kit - 0.23.9-2ubuntu0.1
• p11-kit-modules - 0.23.9-2ubuntu0.1

Ubuntu 16.04

• libp11-kit0 - 0.23.2-5~ubuntu16.04.2
• p11-kit - 0.23.2-5~ubuntu16.04.2
• p11-kit-modules - 0.23.2-5~ubuntu16.04.2

In general, a standard system update will make all the necessary changes.

References

• CVE-2020-29362
• CVE-2020-29363
• CVE-2020-29361

Related notices

• USN-4677-2: p11-kit, libp11-kit-dev, p11-kit-modules, libp11-kit0