Headline
Ubuntu Security Notice USN-6879-1
Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6879-1
July 04, 2024

virtuoso-opensource vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Virtuoso Open-Source Edition could be made to crash if it received
specially crafted input.

Software Description:
- virtuoso-opensource: high-performance database

Details:

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,
CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,
CVE-2023-48951)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  virtuoso-opensource             7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-7           7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  virtuoso-opensource             7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-7           7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  virtuoso-opensource             6.1.6+repack-0ubuntu10+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1         6.1.6+repack-0ubuntu10+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu10+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  virtuoso-opensource             6.1.6+repack-0ubuntu9+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1         6.1.6+repack-0ubuntu9+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu9+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  virtuoso-opensource             6.1.6+repack-0ubuntu5+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1         6.1.6+repack-0ubuntu5+esm2
                                  Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu5+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6879-1
  CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,
  CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,
  CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950,
  CVE-2023-48951
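To confirm a host has reached the package versions listed in the update instructions, the following added example (not part of the notice) compares installed versions against the fixed ones using Debian version ordering, where `~esm2` sorts before the bare version and `+esm2` after it. The names `FIXED`, `deb_cmp`, `unpatched` and `SAMPLE` are hypothetical, the sample package list is constructed, the prefix match assumes binaries built from the same source package share its version, and the comparison is a reimplementation of dpkg's rules (on a real host `dpkg --compare-versions` performs the same test).

```python
FIXED = {  # added example; Ubuntu release -> fixed version from the notice
    "24.04": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
    "22.04": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
    "20.04": "6.1.6+repack-0ubuntu10+esm2",
    "18.04": "6.1.6+repack-0ubuntu9+esm2",
    "16.04": "6.1.6+repack-0ubuntu5+esm2",
}

def _order(ch):  # dpkg weight: '~' lowest, then end/digit, letters, other symbols
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character ("" marks end of string).
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        si, sj = i, j  # Digit run: compare numerically.
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return na - nb
    return 0

def deb_cmp(a, b):  # <0 if a is older than b, 0 if equal, >0 if newer
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_lines):  # names of packages older than the fix
    rows = (ln.split() for ln in dpkg_lines.splitlines() if ln.strip())
    return [n for n, v in rows
            if n.startswith("virtuoso-opensource") and deb_cmp(v, FIXED[release]) < 0]

# Constructed sample in `dpkg-query -W -f='${Package} ${Version}\n'` format.
SAMPLE = ("virtuoso-opensource-7 7.2.5.1+dfsg1-0.8ubuntu0.1~esm2\n"
          "virtuoso-opensource-7-bin 7.2.5.1+dfsg1-0.8ubuntu0.1~esm1\n")
```

Calling `unpatched("24.04", SAMPLE)` returns the packages that still need the update; an empty list means every listed package is at or above the fixed version.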
Related news
An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.