Headline
Ubuntu Security Notice USN-6590-1
Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6590-1
January 18, 2024
xerces-c vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Xerces-C++.
Software Description:
- xerces-c: Validating XML parser written in a portable subset of C++
Details:
It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311)
It was discovered that Xerces-C++ was not properly performing bounds
checks when processing XML Schema Definition files, which could lead to an
out-of-bounds access via an HTTP request. If a user or automated system
were tricked into processing a specially crafted XSD file, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-37536)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libxerces-c-samples 3.2.3+debian-3ubuntu0.1
libxerces-c3.2 3.2.3+debian-3ubuntu0.1
Ubuntu 20.04 LTS:
libxerces-c-samples 3.2.2+debian-1ubuntu0.2
libxerces-c3.2 3.2.2+debian-1ubuntu0.2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libxerces-c-samples 3.2.0+debian-2ubuntu0.1~esm3
libxerces-c3.2 3.2.0+debian-2ubuntu0.1~esm3
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libxerces-c-samples 3.1.3+debian-1ubuntu0.1~esm3
libxerces-c3.1 3.1.3+debian-1ubuntu0.1~esm3
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libxerces-c-samples 3.1.1-5.1+deb8u4ubuntu0.1~esm2
libxerces-c3.1 3.1.1-5.1+deb8u4ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6590-1
CVE-2018-1311, CVE-2023-37536
Package Information:
https://launchpad.net/ubuntu/+source/xerces-c/3.2.3+debian-3ubuntu0.1
https://launchpad.net/ubuntu/+source/xerces-c/3.2.2+debian-1ubuntu0.2
Related news
Ubuntu Security Notice 6579-2 - USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6579-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.