USN-5187-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5187-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5187-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5187-1

Related

Published

2022-07-25T12:04:48.753373Z

Modified

2022-07-25T12:04:48.753373Z

Summary

glances vulnerability

Details

It was discovered that Glances incorrectly parsed untrusted XML data due to usage of xmlrpclib. An attacker could possibly use this to perform an External Entity (XXE) Injection and cause the host system to crash.

References

Affected packages

Ubuntu:Pro:16.04:LTS / glances

Package

Name: glances
Purl: pkg:deb/ubuntu/glances?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-1ubuntu0.1~esm1

Affected versions

2.*

2.3-1build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.3-1ubuntu0.1~esm1",
            "binary_name": "glances"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / glances

Package

Name: glances
Purl: pkg:deb/ubuntu/glances?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.1-3ubuntu0.1~esm1

Affected versions

2.*

2.10-2

2.11.1-1

2.11.1-2

2.11.1-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.11.1-3ubuntu0.1~esm1",
            "binary_name": "glances"
        },
        {
            "binary_version": "2.11.1-3ubuntu0.1~esm1",
            "binary_name": "glances-doc"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / glances

Package

Name: glances
Purl: pkg:deb/ubuntu/glances?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-1ubuntu0.1~esm1

Affected versions

3.*

3.1.0-1

3.1.1-1

3.1.3-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.3-1ubuntu0.1~esm1",
            "binary_name": "glances"
        },
        {
            "binary_version": "3.1.3-1ubuntu0.1~esm1",
            "binary_name": "glances-doc"
        }
    ]
}