-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmdix5wFAwAAAAAACgkQyfW2m9Ldu6ux
xw//fJLhAVH41k+uwCq+jJ9yhnFsG6MkW80fqTUOV3NBsG038MEwpViqY9klaisbQrLG+I7cNDTD
J/5qMnGpUw7PtVtAhM4d5rmfiiu2YF6HVVhhhbiyb1sJ1SQeQ7pEaOFyCzkk0YxeC2aZNNPk49TB
yjBXTJdh4PbKm8P0f0/cZghWIUy+F/aehYHnwflClTrVUD1IigagPA5S5er50Bp/E6mnXsWLnURb
GLqf66N+mwvUg2MLZ9g0upTMCD8GmjyNDQ+R2YtMs+UCNUPIHvpO5A2zK0TVlKAT8jIuI2gH0aWH
enYgS2I0C/kuxBECzJz/ts6BLyzaathmWHjS7dSWcPjj7BAegYPYAyRMlsJsWYP8+m0pnQSyxtx/
6F72AXRJYJOgJbWDw1p7Fg5iA08aBiQ0dNuJQ2k6od1z2UGwne9jeOb8jae362WRzNUauf4N74Wv
RHgdncF2gtmcoL20feZelSjq6HqXI2QI9sVGGM7KiobSbO+OQHofjsv9kBkRV1EKa2Hy3NtHwdJs
CLBA3ZDRjX8pOWQw67ZB0SJ1WUcKCz5pdRAFrmjrBLiffwwWcW1dv+HHvN2hJw/iKv5T2Ttq91V4
0uR2yO3gdXqleNwTkI0qy1wO/ThmbEt391LuQAdZWOJV5yOlnjnEKwqS7Tz/MyOczybhWDT4RUyk
SmM=
=pyBW
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7165-1
December 17, 2024
libspring-java vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Spring Framework could be made to run programs or expose sensitive
information if it received specially crafted network traffic.
Software Description:
- libspring-java: Modular Java/J2EE application framework
Details:
It was discovered that the Spring Framework incorrectly handled web
requests via data binding. An attacker could possibly use this issue to
achieve remote code execution and obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libspring-aop-java 4.3.30-2ubuntu0.24.10.1
libspring-beans-java 4.3.30-2ubuntu0.24.10.1
libspring-context-java 4.3.30-2ubuntu0.24.10.1
libspring-context-support-java 4.3.30-2ubuntu0.24.10.1
libspring-core-java 4.3.30-2ubuntu0.24.10.1
libspring-expression-java 4.3.30-2ubuntu0.24.10.1
libspring-instrument-java 4.3.30-2ubuntu0.24.10.1
libspring-jdbc-java 4.3.30-2ubuntu0.24.10.1
libspring-jms-java 4.3.30-2ubuntu0.24.10.1
libspring-messaging-java 4.3.30-2ubuntu0.24.10.1
libspring-orm-java 4.3.30-2ubuntu0.24.10.1
libspring-oxm-java 4.3.30-2ubuntu0.24.10.1
libspring-transaction-java 4.3.30-2ubuntu0.24.10.1
libspring-web-java 4.3.30-2ubuntu0.24.10.1
libspring-web-portlet-java 4.3.30-2ubuntu0.24.10.1
libspring-web-servlet-java 4.3.30-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
libspring-aop-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-beans-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-context-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-context-support-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-core-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-expression-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-instrument-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-jdbc-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-jms-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-messaging-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-orm-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-oxm-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-transaction-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-web-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-web-portlet-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libspring-web-servlet-java 4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libspring-aop-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-beans-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-context-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-context-support-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-core-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-expression-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-instrument-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-jdbc-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-jms-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-messaging-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-orm-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-oxm-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-transaction-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-portlet-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-servlet-java 4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libspring-aop-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-beans-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-context-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-context-support-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-core-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-expression-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-instrument-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-jdbc-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-jms-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-messaging-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-orm-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-oxm-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-transaction-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-portlet-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
libspring-web-servlet-java 4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libspring-aop-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-beans-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-context-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-context-support-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-core-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-expression-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-instrument-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-jdbc-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-jms-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-messaging-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-orm-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-oxm-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-transaction-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-web-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-web-portlet-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
libspring-web-servlet-java 4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7165-1
CVE-2022-22965
Package Information:
https://launchpad.net/ubuntu/+source/libspring-java/4.3.30-2ubuntu0.24.10.1
No comments:
Post a Comment