Ubuntu Security Notice USN-6832-1
Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu also discovered further crafted-SQL handling issues with the same impact; these only affect Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6832-1
June 13, 2024

virtuoso-opensource vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Open-Source Edition could be made to crash if it received specially crafted
input.

Software Description:
- virtuoso-opensource: high-performance database

Details:

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu
24.04 LTS. (CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
CVE-2023-31615)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  virtuoso-opensource        7.2.5.1+dfsg1-0.8ubuntu0.1~esm1   Available with Ubuntu Pro
  virtuoso-opensource-7      7.2.5.1+dfsg1-0.8ubuntu0.1~esm1   Available with Ubuntu Pro
  virtuoso-opensource-7-bin  7.2.5.1+dfsg1-0.8ubuntu0.1~esm1   Available with Ubuntu Pro

Ubuntu 23.10
  virtuoso-opensource        7.2.5.1+dfsg1-0.3ubuntu1.1
  virtuoso-opensource-7      7.2.5.1+dfsg1-0.3ubuntu1.1
  virtuoso-opensource-7-bin  7.2.5.1+dfsg1-0.3ubuntu1.1

Ubuntu 22.04 LTS
  virtuoso-opensource        7.2.5.1+dfsg1-0.2ubuntu0.1~esm1   Available with Ubuntu Pro
  virtuoso-opensource-7      7.2.5.1+dfsg1-0.2ubuntu0.1~esm1   Available with Ubuntu Pro
  virtuoso-opensource-7-bin  7.2.5.1+dfsg1-0.2ubuntu0.1~esm1   Available with Ubuntu Pro

Ubuntu 20.04 LTS
  virtuoso-opensource          6.1.6+repack-0ubuntu10+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1      6.1.6+repack-0ubuntu10+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin  6.1.6+repack-0ubuntu10+esm1   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  virtuoso-opensource          6.1.6+repack-0ubuntu9+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1      6.1.6+repack-0ubuntu9+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin  6.1.6+repack-0ubuntu9+esm1   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  virtuoso-opensource          6.1.6+repack-0ubuntu5+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1      6.1.6+repack-0ubuntu5+esm1   Available with Ubuntu Pro
  virtuoso-opensource-6.1-bin  6.1.6+repack-0ubuntu5+esm1   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6832-1
  CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
  CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
  CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
  CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628

Package Information:
  https://launchpad.net/ubuntu/+source/virtuoso-opensource/7.2.5.1+dfsg1-0.3ubuntu1.1
Related news
An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.