Ubuntu Security Notice USN-6771-1

Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6771-1
May 13, 2024

sqlparse vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS

Summary:

SQL parse could be made to cause a denial of service if it received specially crafted input.

Software Description:

  • sqlparse: documentation for non-validating SQL parser in Python

Details:

It was discovered that SQL parse incorrectly handled certain nested lists.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-sqlparse 0.4.4-1ubuntu0.1

Ubuntu 23.10
python3-sqlparse 0.4.2-1ubuntu1.1

Ubuntu 22.04 LTS
python3-sqlparse 0.4.2-1ubuntu0.22.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6771-1
CVE-2024-4340

Package Information:
https://launchpad.net/ubuntu/+source/sqlparse/0.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.22.04.2
