Not a user yet?
Log in Register for free Suggest a product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

USN-7647-1: LedgerSMB vulnerabilities

Ubuntu ServerUbuntu Server
Canonical
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

USN-7647-1: LedgerSMB vulnerabilities
Publication date: 17 July 2025
Overview: Several security issues were fixed in LedgerSMB.

Packages
ledgersmb - A libre software double entry accounting and enterprise resource planning (ERP) system

Details
It was discovered that LedgerSMB did not check the origin of HTML
fragments. An attacker could possibly use this issue to send a
maliciously crafted URL to the server and obtain sensitive
information, or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2021-3693)

It was discovered that LedgerSMB did not properly encode HTML
error messages. An attacker could possibly use this issue to send
a maliciously crafted URL to the server and obtain sensitive
information, or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2021-3694)

It was discovered that LedgerSMB did not guard against discrete
link redirections. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-3731)

It was discovered that LedgerSMB did not properly set the ‘Secure’
attribute during HTTPS sessions. If a user were tricked into using
an unencrypted connection, an attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.04. (CVE-2021-3882)

It was discovered that LedgerSMB could create admin accounts via
a URL. If an admin were tricked into clicking a maliciously
crafted URL, an attacker could possibly use this issue to
achieve privilege escalation. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2024-23831)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version

  • 25.04 plucky: ledgersmb – 1.6.33+ds-2.2ubuntu0.25.04.1
  • 24.04 noble: ledgersmb – 1.6.33+ds-2.1ubuntu0.1
  • 22.04 jammy: ledgersmb – 1.6.33+ds-1ubuntu0.1
  • 20.04 focal: ledgersmb – 1.6.9+ds-1ubuntu0.1+esm1
  • 18.04 bionic: ledgersmb – 1.4.42+ds-1ubuntu0.1~esm1
  • 16.04 xenial: ledgersmb – 1.3.46-1ubuntu0.1~esm1
Version: 24.04 LTS Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Canonical Ubuntu Server updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad