USN-6422-2

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-6422-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6422-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6422-2
Related
Published
2023-10-24T08:51:49.461666Z
Modified
2023-10-24T08:51:49.461666Z
Summary
ring vulnerabilities
Details

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706)

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)

Original advisory details:

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706)

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244)

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)

It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)

References

Affected packages

Ubuntu:23.10 / ring

Package

Name
ring
Purl
pkg:deb/ubuntu/ring?arch=src?distro=mantic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20230206.0~ds2-1.3ubuntu0.1

Affected versions

20230206.*

20230206.0~ds1-5
20230206.0~ds2-1.1
20230206.0~ds2-1.1build1
20230206.0~ds2-1.2
20230206.0~ds2-1.3~build1
20230206.0~ds2-1.3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "20230206.0~ds2-1.3ubuntu0.1",
            "binary_name": "jami"
        },
        {
            "binary_version": "20230206.0~ds2-1.3ubuntu0.1",
            "binary_name": "jami-daemon"
        },
        {
            "binary_version": "20230206.0~ds2-1.3ubuntu0.1",
            "binary_name": "jami-daemon-dbgsym"
        },
        {
            "binary_version": "20230206.0~ds2-1.3ubuntu0.1",
            "binary_name": "jami-dbgsym"
        }
    ]
}