Thursday, March 13, 2025

[USN-7351-1] RESTEasy vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7351-1
March 13, 2025

resteasy vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in RESTEasy.

Software Description:
- resteasy: RESTEasy -- Framework for RESTful Web services and Java applications

Details:

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding
when certain errors occur. An attacker could possibly use this issue to
modify the app's behavior for other users through the network.
(CVE-2020-10688)

Mirko Selber discovered that RESTEasy improperly validated user input
during HTTP response construction. This issue could possibly allow an
attacker to cause a denial of service or execute arbitrary code.
(CVE-2020-1695)

It was discovered that RESTEasy unintentionally disclosed potentially
sensitive server information to users during the handling of certain
errors. (CVE-2020-25633)

It was discovered that RESTEasy unintentionally disclosed parts of its code
to users during the handling of certain errors. (CVE-2021-20289)

It was discovered that RESTEasy used improper permissions when creating
temporary files. An attacker could possibly use this issue to get access to
sensitive data. (CVE-2023-0482)

It was discovered that RESTEasy improperly handled certain HTTP requests
and could be forced into a state in which it can no longer accept incoming
connections. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-9622)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libresteasy-java                3.6.2-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.22.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7351-1
  CVE-2020-10688, CVE-2020-1695, CVE-2020-25633, CVE-2021-20289,
  CVE-2023-0482, CVE-2024-9622

Package Information:
  https://launchpad.net/ubuntu/+source/resteasy/3.6.2-2ubuntu0.24.10.1
