wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmZrDuAFAwAAAAAACgkQC+du+fOjiEx0
2QwAyQmm6FYUKUGipbFpUJVmjeIt2ZlcTjoaqHWv4bd7yjgafPY5B+UgeG2Y5A+xAku/ZRMiPOCQ
bDpSzl+xB3sjY6tk8TzacCF0PydLx1zyYjlbZxZwy3gl0UwphQcMpF6beAKq5UrNpG4IRFE29Oye
VRTFBkQHRW/wnke4Jt/m0vdxJuXwdc+PI2uc93XSTTnTt20NgNKdTKQQEMXs2sHik7pqqGjDG9sf
mcFQFoBr9mBTwaIsUniwpnnmNQ/9cK6pN7shC8UlIv17syVXcrlT1im9EA5o7MM0+jggTQ7fpim7
7SQpDzK3l9GAKI0FCIxuDnZRl85GDcJd9EF+KcLeGjdzxLv+bZ9J031B2LANdSeB3O+ThWPl/vda
9vAqT2kLSeIjxRyjMLu0i+22xhT2Tr5yelvedlmGTM5xUgm7eaqsw1mAE4p/08w8T8iY3Qyv6RIp
0GtcKWKn3S3Facj2xMfFySXeyGxvJm2msSQtO4eOcMHlkU/Dh+DFxvsYye/r
=5eDy
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6834-1
June 13, 2024
h2database vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
H2 could be made to allow arbitrary code execution.
Software Description:
- h2database: H2 Database Engine
Details:
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libh2-java 1.4.196-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTSUbuntu Security Notice USN-6834-1
June 13, 2024
h2database vulnerabilities
==============================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
H2 could be made to allow arbitrary code execution.
Software Description:
- h2database: H2 Database Engine
Details:
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libh2-java 1.4.196-2ubuntu0.1~esm1
Available with Ubuntu Pro
libh2-java 1.4.191-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/no
CVE-2021-42392, CVE-2022-23221
No comments:
Post a Comment