UbuntuUpdates.org

Package "virtuoso-server"

Name: virtuoso-server

Description:

high-performance database - server dependency package
Latest version: 7.2.5.1+dfsg1-0.3ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: universe
Head package: virtuoso-opensource
Homepage: http://vos.openlinksw.com/owiki/wiki/VOS/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "virtuoso-server"

All arch deb package
APT INSTALL

Other versions of "virtuoso-server" in Mantic

Repository Area Version
base universe 7.2.5.1+dfsg1-0.3ubuntu1
security universe 7.2.5.1+dfsg1-0.3ubuntu1.1

Changelog

Version: 7.2.5.1+dfsg1-0.3ubuntu1.1 2024-06-13 12:06:45 UTC

  virtuoso-opensource (7.2.5.1+dfsg1-0.3ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: SQL Injection
    - debian/patches/CVE-2023-31607.patch: Fixed missing check for max
      number of key parts
    - debian/patches/CVE-2023-31608.patch: Fixed 64bit arith overflow
    - debian/patches/CVE-2023-31609.patch: Fixed issue if original dfe
      not there; see error in optimizer
    - debian/patches/CVE-2023-31610-31619-31623-31625-31628.patch: Fixed
      missing arguments in table def
    - debian/patches/CVE-2023-31611.patch: Fixed expand column list
      during parsing
    - debian/patches/CVE-2023-31612.patch: Fixed missing check for a
      qexp to continue with
    - debian/patches/CVE-2023-31613.patch: Added missing reuse check for
      dv bin
    - debian/patches/CVE-2023-31614.patch: Fixed compare only up to cha
      key parts
    - debian/patches/CVE-2023-31615.patch: Fixed do not change col_dtp
      if already set before
    - debian/patches/CVE-2023-31616.patch: Fixed 64bit arith exception
    - debian/patches/CVE-2023-31617.patch: Fixed save/restore temp refs
    - debian/patches/CVE-2023-31618.patch: Fixed non-terminal in union
      branch is not supported
    - CVE-2023-31607
    - CVE-2023-31608
    - CVE-2023-31609
    - CVE-2023-31610
    - CVE-2023-31611
    - CVE-2023-31612
    - CVE-2023-31613
    - CVE-2023-31614
    - CVE-2023-31615
    - CVE-2023-31616
    - CVE-2023-31617
    - CVE-2023-31618
    - CVE-2023-31619
    - CVE-2023-31623
    - CVE-2023-31625
    - CVE-2023-31628

 -- Allen Huang <email address hidden> Tue, 11 Jun 2024 11:11:31 +0100
CVE-2023-31607 An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL st
CVE-2023-31608 An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL sta
CVE-2023-31609 An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQ
CVE-2023-31610 An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted S
CVE-2023-31611 An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL s
CVE-2023-31612 An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL st
CVE-2023-31613 An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafte
CVE-2023-31614 An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after r
CVE-2023-31615 An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL stat
CVE-2023-31616 An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statemen
CVE-2023-31617 An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL st
CVE-2023-31618 An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted S
CVE-2023-31619 An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted S
CVE-2023-31623 An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL stat
CVE-2023-31625 An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL stateme
CVE-2023-31628 An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statemen


About   -   Send Feedback to @ubuntu_updates