========================================================================== Ubuntu Security Notice USN-7360-1 March 20, 2025
alpine vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Alpine. Software Description: - alpine: Text-based email client, friendly for novices but powerful Details: It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2020-14929) It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS connection. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2021-38370) It was discovered that Alpine could crash when receiving certain SMTP commands. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-46853) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS alpine 2.22+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro alpine-pico 2.22+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro pilot 2.22+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS alpine 2.21+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro alpine-pico 2.21+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro pilot 2.21+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS alpine 2.20+dfsg1-2ubuntu0.1~esm1 Available with Ubuntu Pro alpine-pico 2.20+dfsg1-2ubuntu0.1~esm1 Available with Ubuntu Pro pilot 2.20+dfsg1-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7360-1 CVE-2020-14929, CVE-2021-38370, CVE-2021-46853
OpenPGP_signature.asc
Description: OpenPGP digital signature
