Ubuntu alert USN-8359-1 (nncp)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8359-1] NNCP vulnerability | |
| Date: | Mon, 01 Jun 2026 18:25:57 +0000 | |
| Message-ID: | <E1wU7Kn-00024T-8p@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8359-1 June 01, 2026 nncp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: NNCP could allow unintended access to files. Software Description: - nncp: package facilitating secure store-and-forward file and mail exchange Details: It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nncp 8.11.0-4+deb13u1build0.25.10.1 Ubuntu 24.04 LTS nncp 8.10.0-8ubuntu0.3+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS nncp 8.5.0-1ubuntu0.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8359-1 CVE-2025-60020 Package Information: https://launchpad.net/ubuntu/+source/nncp/8.11.0-4+deb13u...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodzaAACgkQcpJm3tlz hgGu9xAAlgH5mHNRafMd6uUc7e+r+gF/1Enl3SPaiv5w/ZV+k8w+zrgmMoWOOy7A 4JGbhMYW6F4MsfCbc4Yw861nTETwNRKTS/j2PQ/CoOlHNTl+PnzCxZoYO6blfLg5 vG0zULqYs1YnHYFSVVSa426qlXx5lszRgi68+msdF4IVj1BRBIPleGk9TjVOMICS EyhZgNIPO3Vu9FbuJNC5vB6goFE9I7LXrl3/uFDZXpV3//cR7EmJVOVeesCQViTv G+mqxS1w7DQEpPmknnUkXhaz2LTozCpIintu9qd9iPRqELKya53OqsMXVo+b3YM5 tp6lg9fwuYJqXBiRKwGLtHgKbq9KzHMDU7yiU1feipQTT7vDOgQWt+uhEayf5piE SmAZGH7jjHP9rkLlnQTJ9FNnebqH3tqcpikPfEphNyvlJA1oI44mbHpYAQeLCisN QN6rWyf1n3WU/JzNZiVyfvcBTEDMpaQT+UNxb2BXoyJgjKaznRrLa1/7W+wuugnU t7RO5d79llAEp7Mw7k8yZQ1HGGjixAeT38i6yhqvZ0AQLcf4BwcTM1WFnez7hEgN /wGogogOnI6//M2QpRh5a35SlOKhBI61WCaQbUPWHVV2bmDl/QyS/A3OL/YLhTud Ob2rJFNDE23f6AxFXcE39buTGz/8S9s7jvLed0zOBsWpbsf6lUg= =0mPx -----END PGP SIGNATURE-----