USN-4457-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-4457-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4457-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-4457-1
Upstream
Related
Published
2020-08-12T13:56:37.106008Z
Modified
2025-10-13T04:35:12Z
Summary
software-properties vulnerability
Details

Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

References

Affected packages

Ubuntu:16.04:LTS / software-properties

Package

Name
software-properties
Purl
pkg:deb/ubuntu/software-properties@0.96.20.10?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.96.20.10

Affected versions

0.*

0.96.13
0.96.15
0.96.16
0.96.17
0.96.18
0.96.20
0.96.20.1
0.96.20.2
0.96.20.3
0.96.20.4
0.96.20.5
0.96.20.6
0.96.20.7
0.96.20.8
0.96.20.9

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.96.20.10",
            "binary_name": "python-software-properties"
        },
        {
            "binary_version": "0.96.20.10",
            "binary_name": "python3-software-properties"
        },
        {
            "binary_version": "0.96.20.10",
            "binary_name": "software-properties-common"
        },
        {
            "binary_version": "0.96.20.10",
            "binary_name": "software-properties-gtk"
        },
        {
            "binary_version": "0.96.20.10",
            "binary_name": "software-properties-kde"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-15709"
        }
    ],
    "ecosystem": "Ubuntu:16.04:LTS"
}

Ubuntu:18.04:LTS / software-properties

Package

Name
software-properties
Purl
pkg:deb/ubuntu/software-properties@0.96.24.32.14?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.96.24.32.14

Affected versions

0.*

0.96.24.17
0.96.24.19
0.96.24.20
0.96.24.21
0.96.24.22
0.96.24.23
0.96.24.24
0.96.24.25
0.96.24.26
0.96.24.27
0.96.24.28
0.96.24.31
0.96.24.32.1
0.96.24.32.2
0.96.24.32.3
0.96.24.32.4
0.96.24.32.5
0.96.24.32.6
0.96.24.32.7
0.96.24.32.8
0.96.24.32.9
0.96.24.32.11
0.96.24.32.12
0.96.24.32.13

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.96.24.32.14",
            "binary_name": "python3-software-properties"
        },
        {
            "binary_version": "0.96.24.32.14",
            "binary_name": "software-properties-common"
        },
        {
            "binary_version": "0.96.24.32.14",
            "binary_name": "software-properties-gtk"
        },
        {
            "binary_version": "0.96.24.32.14",
            "binary_name": "software-properties-kde"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-15709"
        }
    ],
    "ecosystem": "Ubuntu:18.04:LTS"
}

Ubuntu:20.04:LTS / software-properties

Package

Name
software-properties
Purl
pkg:deb/ubuntu/software-properties@0.98.9.2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.98.9.2

Affected versions

0.*

0.98.5
0.98.6
0.98.7
0.98.9
0.98.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.98.9.2",
            "binary_name": "python3-software-properties"
        },
        {
            "binary_version": "0.98.9.2",
            "binary_name": "software-properties-common"
        },
        {
            "binary_version": "0.98.9.2",
            "binary_name": "software-properties-gtk"
        },
        {
            "binary_version": "0.98.9.2",
            "binary_name": "software-properties-qt"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-15709"
        }
    ],
    "ecosystem": "Ubuntu:20.04:LTS"
}