
Ubuntu Security Notice USN-6832-1

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. A further group of issues, described in the same terms, only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6832-1
June 13, 2024

virtuoso-opensource vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Open-Source Edition could be made to crash if it received specially crafted
input.

Software Description:
- virtuoso-opensource: high-performance database

Details:

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu
24.04 LTS. (CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
CVE-2023-31615)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   virtuoso-opensource             7.2.5.1+dfsg1-0.8ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-7           7.2.5.1+dfsg1-0.8ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.8ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 23.10
   virtuoso-opensource             7.2.5.1+dfsg1-0.3ubuntu1.1
   virtuoso-opensource-7           7.2.5.1+dfsg1-0.3ubuntu1.1
   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.3ubuntu1.1

Ubuntu 22.04 LTS
   virtuoso-opensource             7.2.5.1+dfsg1-0.2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-7           7.2.5.1+dfsg1-0.2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu10+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu10+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu10+esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu9+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu9+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu9+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   virtuoso-opensource             6.1.6+repack-0ubuntu5+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu5+esm1
                                   Available with Ubuntu Pro
   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu5+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6832-1
   CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
   CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
   CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
   CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628

Package Information:
   https://launchpad.net/ubuntu/+source/virtuoso-opensource/7.2.5.1+dfsg1-0.3ubuntu1.1

Related news

CVE-2023-31607: virtuoso 7.2.9 crashed at __libc_malloc · Issue #1120 · openlink/virtuoso-opensource

An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31608: virtuoso 7.2.9 crashed at artm_div_int · Issue #1123 · openlink/virtuoso-opensource

An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31609: virtuoso 7.2.9 crashed at dfe_unit_col_loci · Issue #1126 · openlink/virtuoso-opensource

An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31610: virtuoso 7.2.9 crashed at _IO_default_xsputn · Issue #1118 · openlink/virtuoso-opensource

An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31611: virtuoso 7.2.9 crashed at __libc_longjmp · Issue #1119 · openlink/virtuoso-opensource

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31616: virtuoso 7.2.9 crashed at bif_mod · Issue #1122 · openlink/virtuoso-opensource

An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31617: virtuoso 7.2.9 crashed at dk_set_delete · Issue #1127 · openlink/virtuoso-opensource

An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31618: virtuoso 7.2.9 crashed at sqlc_union_dt_wrap · Issue #1136 · openlink/virtuoso-opensource

An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31619: virtuoso 7.2.9 crashed at sch_name_to_object · Issue #1133 · openlink/virtuoso-opensource

An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31623: virtuoso 7.2.9 crashed at mp_box_copy · Issue #1131 · openlink/virtuoso-opensource

An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31625: virtuoso 7.2.9 crashed at psiginfo (maybe the same as #1118) · Issue #1132 · openlink/virtuoso-opensource

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31628: virtuoso 7.2.9 crashed at stricmp (maybe the same as #1118) · Issue #1141 · openlink/virtuoso-opensource

An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31612: virtuoso 7.2.9 crashed at dfe_qexp_list · Issue #1125 · openlink/virtuoso-opensource

An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31613: virtuoso 7.2.9 crashed at __nss_database_lookup · Issue #1121 · openlink/virtuoso-opensource

An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-31614: virtuoso *crashed* after running a SELECT statement · Issue #1117 · openlink/virtuoso-opensource

An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-31615: virtuoso 7.2.9 crashed at chash_array · Issue #1124 · openlink/virtuoso-opensource

An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
