1. Ubuntu Security Notices
  2. USN-6832-1

USN-6832-1: Virtuoso Open-Source Edition vulnerabilities

Publication date

13 June 2024

Overview

Virtuoso Open-Source Edition could be made to crash if it received specially crafted input.

Releases

Packages

Details

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted...

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu
24.04 LTS. (CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
CVE-2023-31615)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 noble virtuoso-opensource –  7.2.5.1+dfsg1-0.8ubuntu0.1~esm1  
virtuoso-opensource-7 –  7.2.5.1+dfsg1-0.8ubuntu0.1~esm1  
virtuoso-opensource-7-bin –  7.2.5.1+dfsg1-0.8ubuntu0.1~esm1  
23.10 mantic virtuoso-opensource –  7.2.5.1+dfsg1-0.3ubuntu1.1
virtuoso-opensource-7 –  7.2.5.1+dfsg1-0.3ubuntu1.1
virtuoso-opensource-7-bin –  7.2.5.1+dfsg1-0.3ubuntu1.1
22.04 jammy virtuoso-opensource –  7.2.5.1+dfsg1-0.2ubuntu0.1~esm1  
virtuoso-opensource-7 –  7.2.5.1+dfsg1-0.2ubuntu0.1~esm1  
virtuoso-opensource-7-bin –  7.2.5.1+dfsg1-0.2ubuntu0.1~esm1  
20.04 focal virtuoso-opensource –  6.1.6+repack-0ubuntu10+esm1  
virtuoso-opensource-6.1 –  6.1.6+repack-0ubuntu10+esm1  
virtuoso-opensource-6.1-bin –  6.1.6+repack-0ubuntu10+esm1  
18.04 bionic virtuoso-opensource –  6.1.6+repack-0ubuntu9+esm1  
virtuoso-opensource-6.1 –  6.1.6+repack-0ubuntu9+esm1  
virtuoso-opensource-6.1-bin –  6.1.6+repack-0ubuntu9+esm1  
16.04 xenial virtuoso-opensource –  6.1.6+repack-0ubuntu5+esm1  
virtuoso-opensource-6.1 –  6.1.6+repack-0ubuntu5+esm1  
virtuoso-opensource-6.1-bin –  6.1.6+repack-0ubuntu5+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›