- Vulnerability/
- USN-3704-1
USN-3704-1: devscripts vulnerability
First published: Thu Jul 05 2018(Updated: )
It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/devscripts | <2.17.12ubuntu1.1 | 2.17.12ubuntu1.1 |
| =18.04 | ||
| All of | ||
| ubuntu/devscripts | <2.17.9ubuntu0.1 | 2.17.9ubuntu0.1 |
| =17.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is USN-3704-1.
What is the title of this vulnerability?
The title of this vulnerability is USN-3704-1: devscripts vulnerability.
What is the description of this vulnerability?
The description of this vulnerability is that devscripts incorrectly handles certain YAML files, which could allow an attacker to execute arbitrary code.
Which software is affected by this vulnerability?
The devscripts package with versions up to and excluding 2.17.12ubuntu1.1 on Ubuntu 18.04, and devscripts package with versions up to and excluding 2.17.9ubuntu0.1 on Ubuntu 17.10 are affected.
How can I fix this vulnerability?
To fix this vulnerability, update devscripts package to version 2.17.12ubuntu1.1 on Ubuntu 18.04, or update devscripts package to version 2.17.9ubuntu0.1 on Ubuntu 17.10.
- agent/references
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/tags
- agent/description
- agent/event
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/17.10