Ubuntu Security Notice USN-6879-1

Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu also discovered a second set of crafted SQL statements that Virtuoso Open-Source Edition handled incorrectly, with the same possible denial-of-service impact; this second issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6879-1
July 04, 2024

virtuoso-opensource vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Virtuoso Open-Source Edition could be made to crash if it received
specially crafted input.

Software Description:
- virtuoso-opensource: high-performance database

Details:

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,
CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,
CVE-2023-48951)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   virtuoso-opensource             7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-7           7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.8ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   virtuoso-opensource             7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-7           7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.2ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu10+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu10+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu10+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu9+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu9+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu9+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu5+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu5+esm2
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu5+esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6879-1
   CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,
   CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,
   CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950,
   CVE-2023-48951

Related news

CVE-2023-48950: Fuzzer: Virtuoso 7.2.11 crashed at box_col_len · Issue #1174 · openlink/virtuoso-opensource

An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48947: Fuzzer: Virtuoso 7.2.11 crashed at cha_cmp · Issue #1179 · openlink/virtuoso-opensource

An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48946: Fuzzer: Virtuoso 7.2.11 crashed at box_mpy · Issue #1178 · openlink/virtuoso-opensource

An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48945: Fuzzer: Virtuoso 7.2.11 crashed by stack smashing · Issue #1172 · openlink/virtuoso-opensource

A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-48951: Fuzzer: Virtuoso 7.2.11 crashed at box_equal · Issue #1177 · openlink/virtuoso-opensource

An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-31630: virtuoso 7.2.9 crashed at sqlo_query_spec · Issue #1138 · openlink/virtuoso-opensource

An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31629: virtuoso 7.2.9 crashed at sqlo_union_scope · Issue #1139 · openlink/virtuoso-opensource

An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31631: virtuoso 7.2.9 crashed at sqlo_preds_contradiction · Issue #1137 · openlink/virtuoso-opensource

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31627: virtuoso 7.2.9 crashed at strhash · Issue #1140 · openlink/virtuoso-opensource

An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31626: virtuoso 7.2.9 crashed at gpf_notice · Issue #1129 · openlink/virtuoso-opensource

An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31624: virtuoso 7.2.9 crashed at sinv_check_exp · Issue #1134 · openlink/virtuoso-opensource

An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31622: virtuoso 7.2.9 crashed at sqlc_make_policy_trig · Issue #1135 · openlink/virtuoso-opensource

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31620: virtuoso 7.2.9 crashed at dv_compare · Issue #1128 · openlink/virtuoso-opensource

An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
