USN-5293-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5293-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5293-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5293-2

Related

Published

2022-02-22T10:19:21.166930Z

Modified

2022-02-22T10:19:21.166930Z

Summary

c3p0 vulnerability

Details

USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service.

References

Affected packages

Ubuntu:Pro:16.04:LTS / c3p0

Package

Name: c3p0
Purl: pkg:deb/ubuntu/c3p0?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.1.2-9+deb8u1ubuntu0.16.04.1~esm1

Affected versions

0.*

0.9.1.2-9

0.9.1.2-9+deb8u1build0.16.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.1.2-9+deb8u1ubuntu0.16.04.1~esm1",
            "binary_name": "libc3p0-java"
        },
        {
            "binary_version": "0.9.1.2-9+deb8u1ubuntu0.16.04.1~esm1",
            "binary_name": "libc3p0-java-doc"
        }
    ]
}