UBUNTU-CVE-2016-20011
- Source
- https://ubuntu.com/security/CVE-2016-20011
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-20011.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-20011
- Related
- Published
- 2021-05-25T21:15:00Z
- Modified
- 2025-06-03T17:31:19Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / libgrss
Package
- Name
- libgrss
- Purl
- pkg:deb/ubuntu/libgrss@0.7.0-2?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / libgrss
Package
- Name
- libgrss
- Purl
- pkg:deb/ubuntu/libgrss@0.7.0-2?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / libgrss
Package
- Name
- libgrss
- Purl
- pkg:deb/ubuntu/libgrss@0.7.0-2?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / libgrss
Package
- Name
- libgrss
- Purl
- pkg:deb/ubuntu/libgrss@0.7.0-2?arch=source&distro=jammy