========================================================================== Ubuntu Security Notice USN-6589-1 January 18, 2024
filezilla vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: FileZilla could be made to expose sensitive information over the network. Software Description: - filezilla: Full-featured graphical FTP/FTPS/SFTP client Details: Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: filezilla 3.65.0-3ubuntu0.1 filezilla-common 3.65.0-3ubuntu0.1 Ubuntu 22.04 LTS: filezilla 3.58.0-1ubuntu0.1 filezilla-common 3.58.0-1ubuntu0.1 Ubuntu 20.04 LTS: filezilla 3.46.3-1ubuntu0.1 filezilla-common 3.46.3-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6589-1 CVE-2023-48795 Package Information: https://launchpad.net/ubuntu/+source/filezilla/3.65.0-3ubuntu0.1 https://launchpad.net/ubuntu/+source/filezilla/3.58.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/filezilla/3.46.3-1ubuntu0.1
signature.asc
Description: PGP signature
