========================================================================== Ubuntu Security Notice USN-4649-2 January 12, 2021 xdg-utils regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-4649-1 introduced a regression in xdg-utils. Software Description: - xdg-utils: desktop integration utilities from freedesktop.org Details: USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: xdg-utils 1.1.3-2ubuntu1.20.10.2 Ubuntu 20.04 LTS: xdg-utils 1.1.3-2ubuntu1.20.04.2 Ubuntu 18.04 LTS: xdg-utils 1.1.2-1ubuntu2.5 Ubuntu 16.04 LTS: xdg-utils 1.1.1-1ubuntu1.16.04.5 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4649-2 https://usn.ubuntu.com/4649-1 https://launchpad.net/bugs/1909941 Package Information: https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.10.2 https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.04.2 https://launchpad.net/ubuntu/+source/xdg-utils/1.1.2-1ubuntu2.5 https://launchpad.net/ubuntu/+source/xdg-utils/1.1.1-1ubuntu1.16.04.5