-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGO/60oBDADb8Iw1QscMxjlKh+9QZcJ6NQwruJEuvbH4qi6hRKJt3441GR2F
sJRcmGrQOp87R2QdMoRSaifa96QOWLVu740PVq4/ztQkoqyB7yVMxc8L986H79xL
b+pcExy4Rvn++CQyTJ2/L/QEaOzN/Rq8ZCCDLtWUwxYOwYKZCW3Hw1/Fjzs0kpz6
oNlX4jiq76tJmA7vuVCydB9FuuC7/6K7/wUZrm2sHMnQ3JSv3G2vhHI0KANyVPIB
fNGplCqGc3aSRMIJ04KVukuzVPUKeLqkfLydiwdmG/IuS4jpWGL1bSWRPds0W2Ct
/N7hFcStudDlbV36DhGdpMeDxrhLL9aRpeZQro1LGhHHAA4oadE20vk1+9JS2pQC
CjtxxWnyDsC9j5eXN8Gr61yiLorxIRzO37arPVLxFMjafrP0rAweTivWCp2C+BOm
FsNilHHr57pDQOmc3LXDqdz8qqSVHaAK0CEH3YQA5ZUnWDbjj2D8aHcvrwSAk8pl
OxFmmOns8W6p/eEAEQEAAc1BQW1pciBOYXNlcmVkaW5pIChQcml2YXRlIEVtYWls
IEFkZHJlc3MpIDxzYWhuYXNlcmVkaW5pQGdtYWlsLmNvbT7CwRQEEwEKAD4WIQQt
F2HPcpjsUaJwwPxWOD410VO4sgUCY7/sHAIbAwUJA8JnAAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAAKCRBWOD410VO4spcWDACioxx6/W7LDOkfKGx741eFLTHjeOR0
RMGL20Qd6cK4pdFjfrHU3PPBXKlZBSAT3JCcPKVE5ecu49Behqnzj4obGPJ0XBwM
hGRWeLhVQhsPmtGYy4irgXsm3+n2xbru9iq5CPobesDam6Z84OZoKDT/7XD5I8C/
ntJ8mD/+v2P4VeQ1iwvO3wAwh0zKna+Bi55mX1neLJj1T3/3+fIRnudclESE+JR0
A6309kotXRPLLse9LOzE8u3uM/zqHoJukc5G2CFbxSsdUE8MP4lQOff54vkb7NkM
hQzDDgvVKXTl5OF+gECHIeR4Dv7yjafLwt+3sDBwWK0HPaf6vvfi227G/urMKCxf
D5VWglvZfm64j0v+/apMUDtmkqw2PxFulJ8iwWA39owP0vH8jNp5YWJASOrNoDXn
nPzbvJLdy2gP59W2n038V59hH7vdA86ywmiWuP0n1pw95UjzkZiYGoaPCLrefiY9
SG5Jp3XoWVGP8mB87FfHTzccm2Dzm6pPbzHNL0FtaXIgTmFzZXJlZGluaSA8YW1p
ci5uYXNlcmVkaW5pQGNhbm9uaWNhbC5jb20+wsEXBBMBCgBBAhsDBQkDwmcABQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmO/
7aUCGQEACgkQVjg+NdFTuLJ9WQv/R0lA8yFIZGs2d6f3skai5QBeCGkBNdAatjeP
JNeFATvXbv8tNyXSJqhpQi2mVdNIq4uVdhzxzGbWrFGKcZh+aLNFe6XhqO/dupnm
fhAaCeTFmKlqU2VPbXGznIffK5s4IjEy0+6haF2mDwFokuav+JNFn9REPESQ9sJq
/zWC5LDm8ZzF0+ElPlJS3SrRG+BSx44qFASkbMMvKWj/huwplWOvjED6O8XU91Ii
ydlndFpk6xJE5cu3030R47Szn58z3iXTNWsWBgzVxy3rmr97MniOuLeAKWgK7NqE
TWE9OjG/lLEgtSP5suv/k07oufIAJtaIIjNZTTgyKZKfMaaKoekYCVMpXI6lwiLE
97nw4uQ/7hCi0TOzWVdOlRP58O3f3ATWyGrijn6c/N1CDAABgJvz6nJihS5Vkpc4
3qe8V3zgi173BbEpGcf2nOEMukBV4E4vNviFDNoKoUMNv+jxDiPPCDUJQa/oDxJ4
73KaXIIddyEUw3mqCRZlwtKhisy2zsDNBGO/60oBDACg+zE4kmu2CzeSFHEV/mSi
8P4u/MGN2Orq/pXFcpsN4fI3nsAS1qy7SfSmB8n6x8VZABRTPikznAochiFiD9U7
6tz7xsb5LWVXY+bdPzkMjsdB9UExhbARAiNaAZ1uvUI2YjD5+NVTDEuWpCyoVf7y
qfzth39p70KmdJE32PJC26+a7dV+dZKV7DM+pOH3PW0iXGaokzoO/hfWnIo4EanE
3IxtGG85E/PTxrSs0qDrOcQ9t0RLN0kCHwrjlDaAiN/amB4nx1BQLsUofripb10x
drLXdcGCPeqyNnuDKA++eGxMs4rf/gZqpriZe/c5GOZYOEWf94eyEfY7Ap3iXYhG
3bcNIKxikOY+N8i7CNuaZcFrosK6pGIgzUX3jCxjZpYYfP4CI1AcPPnqIgEWH4qQ
wmaWYNQ8gVQAnF097hKKbLozvKkg5App66v3DdDERKkB1YPPDPAXmQR9RiPUnXxQ
p89wveOLCemuROqq9hWnVTq+d9SElOipRXfY3r2xzTUAEQEAAcLA/AQYAQoAJhYh
BC0XYc9ymOxRonDA/FY4PjXRU7iyBQJjv+tKAhsMBQkDwmcAAAoJEFY4PjXRU7iy
ZSML/iIEflaHoQnViezZwZq0Jjwvy4SljggpUzKiF65aZK7VXd5JHH8J4cCOTJUy
0a4p+g7XMChLMVY8zj4GjnaQ9AG0LT9pvbDPNnFAQ37W8LgoSmaJ9oAo1wYbjoDJ
9wYsfATPveltC04LQ5ODH+R+3AkG15gBEX7lImyNSHabLedrYQUvAcWDo66C4Gwk
k7Q/GgwYteCwRYvG+Rmv1OWcjSZmqWJArk4vwdGuaEWmPsTldTgU0T1jjhny81eI
FYTwAtL175x+ScIhrVuvBpsxV2htrJCOPCPZTYPyd8sXZZgAfhjyAepWAqgONIoJ
Npog1dAZDpUCihQviQ0kzPokaPXKUCahY/hKm+nncKCOR/FB8l2iQHTC6rlDhZ4a
8DSRjElpOJ9Q94aWUuUEQ+7VnwBFFbTClwAo51ejvZ3ZKaEX6lAo4VMchQYpqb6A
FXf9+sS2VJ2HRD1wsHZ2hTLxApu16lVJphpGM90Zc81qc3uXR7fDTi6G0FDzRx0/
PrhDFw==
=grCX
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmVDiZMFAwAAAAAACgkQVjg+NdFTuLJV
7wv+KB8uSzv1ZsdcPp93uvSmV4YL2Sh3QH6txx7mD5yM5xR8idDE0dWqudYMuYKaN1HhsG4o6z+4
y4xwoYbYZcBDXGesYC20Q873Naoy8ibmD0sib1+0ui2phQcwzBBv00CVmA/Snn2yvMcgdk4ihVzb
pGdUSCqc8pwJk5M1rWaDJP5s8eS2ObCbJr92edjwYoJd8R3GsHy6H4S4ryGyGr6JpjRFtq5o+ALf
Gczz+g8odvKG4nLVmC000wQ6ud4St2bdftZrFZeb6oayP+6mpve7PEbJt3HWr0JGKz7FeFfd1tHR
PZUaRT56hYo2PKYv2ph8yd0tY5nyLlB1+CDLbZiJWryPubbuReruEImMyPqPZL0ZntwSewwe3K7u
qxPGfgijiwWYxQpKgPlDS4IZ0A/cy3JL5TnH4mvbAWFIMfr2j9oFMJ5FgL4ugpMTy+FvzFY6D59A
hfwqTYbofAZEdZO5B/BiEdR8RcoH16fSDKfAU3beUDfoKkCSV5IaRwhcOdad
=5Ub6
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6470-1
November 02, 2023
axis vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Axis could be made to crash or execute arbitrary code if it received specially
crafted input.
Software Description:
- axis: SOAP implementation in Java
Details:
It was discovered that Axis incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2023-40743)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
libaxis-java 1.4-28+deb10u1build0.23.10.1
libaxis-java-doc 1.4-28+deb10u1build0.23.10.1
Ubuntu 23.04:
libaxis-java 1.4-28+deb10u1build0.23.04.1
libaxis-java-doc 1.4-28+deb10u1build0.23.04.1
Ubuntu 22.04 LTS:
libaxis-java 1.4-28+deb10u1build0.22.04.1
libaxis-java-doc 1.4-28+deb10u1build0.22.04.1
Ubuntu 20.04 LTS:
libaxis-java 1.4-28+deb10u1build0.20.04.1
libaxis-java-doc 1.4-28+deb10u1build0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libaxis-java 1.4-25ubuntu0.1~esm1
libaxis-java-doc 1.4-25ubuntu0.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libaxis-java 1.4-24ubuntu0.1~esm1
libaxis-java-doc 1.4-24ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6470-1
CVE-2023-40743
Package Information:
https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.10.1
https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.04.1
https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.22.04.1
https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.20.04.1
No comments:
Post a Comment