Ubuntu 6283 Published by

An IPMItool security update has been released for Ubuntu Linux 16.04 ESM, 18.04 LTS, and 20.04 LTS.



USN-5997-1: IPMItool vulnerability


==========================================================================
Ubuntu Security Notice USN-5997-1
April 04, 2023

ipmitool vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

IPMItool could be made to crash or run programs if it received specially
crafted input.

Software Description:
- ipmitool: utility for IPMI control with kernel driver or LAN interface (dae

Details:

It was discovered that IPMItool was not properly checking the data received
from a remote LAN party. A remote attacker could possibly use this issue to
to cause a crash or arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
ipmitool 1.8.18-8ubuntu0.1

Ubuntu 18.04 LTS:
ipmitool 1.8.18-5ubuntu0.2

Ubuntu 16.04 ESM:
ipmitool 1.8.16-3ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5997-1
CVE-2020-5208

Package Information:
  https://launchpad.net/ubuntu/+source/ipmitool/1.8.18-8ubuntu0.1
  https://launchpad.net/ubuntu/+source/ipmitool/1.8.18-5ubuntu0.2