Ubuntu Security Notice USN-6771-1
Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6771-1
May 13, 2024
sqlparse vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
Summary:
SQL parse could be made to suffer a denial of service if it received specially crafted input.
Software Description:
- sqlparse: documentation for non-validating SQL parser in Python
Details:
It was discovered that SQL parse incorrectly handled certain nested lists.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
python3-sqlparse 0.4.4-1ubuntu0.1
Ubuntu 23.10
python3-sqlparse 0.4.2-1ubuntu1.1
Ubuntu 22.04 LTS
python3-sqlparse 0.4.2-1ubuntu0.22.04.2
In general, a standard system update will make all the necessary changes.
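To confirm that hosts actually carry the fixed package, the installed version can be compared against the versions listed above. The following is an added example, not part of the notice: it reimplements dpkg's version ordering in Python (on a host, `dpkg --compare-versions` performs the same comparison), and the function names, host names and inventory lines are constructed for illustration.

```python
# Fixed versions copied from the notice, keyed by VERSION_ID from /etc/os-release.
FIXED = {"24.04": "0.4.4-1ubuntu0.1", "23.10": "0.4.2-1ubuntu1.1",
         "22.04": "0.4.2-1ubuntu0.22.04.2"}

def _order(c):  # dpkg order of non-digits: '~' < end/digit < letters < others
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa, ob = _order(a[i:i + 1]), _order(b[j:j + 1])
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)  # numeric runs compare as integers
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_cmp(v1, v2):
    def split(v):  # "[epoch:]upstream[-revision]" -> (epoch, upstream, revision)
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def status(release, installed):
    if release not in FIXED:
        return "not-listed"  # release is not covered by this notice
    return "patched" if deb_cmp(installed, FIXED[release]) >= 0 else "needs-update"

# Constructed sample inventory: host, Ubuntu release, installed python3-sqlparse version.
INVENTORY = "web01 22.04 0.4.2-1\nweb02 24.04 0.4.4-1ubuntu0.1\nweb03 23.10 0.4.2-1ubuntu1"
def audit(text):
    return {h: status(r, v) for h, r, v in map(str.split, text.splitlines())}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

On a real host the installed version comes from `dpkg-query -W -f='${Version}' python3-sqlparse`.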
References:
https://ubuntu.com/security/notices/USN-6771-1
CVE-2024-4340
Package Information:
https://launchpad.net/ubuntu/+source/sqlparse/0.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.22.04.2