USN-5097-1: LedgerSMB vulnerabilities

30 September 2021

ledgersmb could be made to crash if it received specially crafted input.

Releases

Packages

  • ledgersmb - financial accounting and ERP program

Details

It was discovered that LedgerSMB incorrectly handled certain inputs. An
attacker could use this to leak sensitive information, cause a DoS, or
execute arbitrary code. (CVE-2021-3693, CVE-2021-3694, CVE-2021-3731)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04

In general, a standard system update will make all the necessary changes.