========================================================================== Ubuntu Security Notice USN-4530-1 September 22, 2020 debian-lan-config vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Debian-LAN could be made to change Kerberos user passwords or run programs as an administrator. Software Description: - debian-lan-config: FAI config space for the Debian-LAN system Details: Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. (CVE-2019-3467) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: debian-lan-config 0.23+deb9u1build0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4530-1 CVE-2019-3467 Package Information: https://launchpad.net/ubuntu/+source/debian-lan-config/0.23+deb9u1build0.18.04.1