Headline
Ubuntu Security Notice USN-5482-1
Ubuntu Security Notice 5482-1 - It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. Charles Fol and Theo Gordyjan discovered that SPIP is vulnerable to cross site scripting. If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10.
==========================================================================Ubuntu Security Notice USN-5482-1June 16, 2022spip vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 21.10- Ubuntu 18.04 LTSSummary:Several security issues were fixed in SPIP.Software Description:- spip: website engine for publishingDetails:It was discovered that SPIP incorrectly validated inputs. An authenticatedattacker could possibly use this issue to execute arbitrary code.(CVE-2020-28984)Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to CrossSite Scripting (XSS). If a user were tricked into browsing a malicious SVGfile, an attacker could possibly exploit this issue to execute arbitrarycode. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)It was discovered that SPIP incorrectly handled certain forms. A remoteauthenticated editor could possibly use this issue to execute arbitrary code,and a remote unauthenticated attacker could possibly use this issue to obtainsensitive information. (CVE-2022-26846, CVE-2022-26847)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 21.10: spip 3.2.11-3+deb11u3build0.21.10.1Ubuntu 18.04 LTS: spip 3.1.4-4~deb9u5build0.18.04.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5482-1 CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846, CVE-2022-26847Package Information: https://launchpad.net/ubuntu/+source/spip/3.2.11-3+deb11u3build0.21.10.1 https://launchpad.net/ubuntu/+source/spip/3.1.4-4~deb9u5build0.18.04.1
Related news
Ubuntu Security Notice 5482-2 - USN-5482-1 fixed several vulnerabilities in SPIP. This update provides the corresponding updates for Ubuntu 20.04 LTS for CVE-2021-44118, CVE-2021-44120,CVE-2021-44122 and CVE-2021-44123. It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.