
Ubuntu Security Notice USN-7040-2

Ubuntu Security Notice 7040-2 - USN-7040-1 fixed a vulnerability in ConfigObj. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-7040-2
October 14, 2024

configobj vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

ConfigObj could be made to crash if it received specially crafted input.

Software Description:
- configobj: simple but powerful config file reader and writer for Python

Details:

USN-7040-1 fixed a vulnerability in ConfigObj. This update
provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that ConfigObj contains regex that is susceptible to
 catastrophic backtracking. An attacker could possibly use this issue to
 cause a regular expression denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  python-configobj                4.7.2+ds-5ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7040-2
  https://ubuntu.com/security/notices/USN-7040-1
  CVE-2023-26112

Related news

Ubuntu Security Notice USN-7040-1

Ubuntu Security Notice 7040-1 - It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service.

GHSA-c33w-24p9-8m24: configobj ReDoS exploitable by developer using values in a server-side configuration file

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer putting the offending value in a server-side configuration file.

CVE-2023-26112: Snyk Vulnerability Database | Snyk

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer putting the offending value in a server-side configuration file.
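
A regex-free way to make the split that the quoted pattern performs, as an added example: this is not configobj's code and not the fix shipped in the update. `split_check`, `regex_split` and the sample strings are hypothetical, and compiling the pattern with `re.DOTALL` is an assumption. The replacement uses one forward scan and one backward scan, so there is nothing for it to backtrack over.

```python
import re

# Pattern quoted in the GHSA/CVE text above. re.DOTALL is an assumption of
# this example; the page does not show the flags the pattern is compiled with.
FUNC_RE = re.compile(r'(.+?)\((.*)\)', re.DOTALL)


def split_check(check):
    """Split 'name(args)' into (name, args) without a regex.

    Mirrors what FUNC_RE.match() captures: the name ends at the first '('
    found at index >= 1, and the args end at the last ')' in the string.
    Returns None where the regex would not match.
    """
    open_idx = check.find('(', 1)      # single forward scan
    if open_idx == -1:
        return None
    close_idx = check.rfind(')')       # single backward scan
    if close_idx < open_idx:           # also covers "no ')' at all" (-1)
        return None
    return check[:open_idx], check[open_idx + 1:close_idx]


def regex_split(check):
    """Reference result from the quoted pattern, used only for comparison."""
    m = FUNC_RE.match(check)
    return m.groups() if m else None


# Constructed sample check strings (not taken from any real configspec).
SAMPLES = [
    'integer(0, 100)',
    'option("a", "b", default="a")',
    'string',
    'list(min=1)(trailing',
    '(leading) paren(x)',
    'multi(line\nvalue)',
    'f()',
    '()',
    'a)(',
]


def agree_on_samples():
    """True when the scan-based split matches the regex on every sample."""
    return all(split_check(s) == regex_split(s) for s in SAMPLES)


if __name__ == '__main__':
    for s in SAMPLES:
        print(repr(s), '->', split_check(s))
```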
