USN-6879-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-6879-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6879-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6879-1
Related
Published
2024-07-04T20:25:40.466653Z
Modified
2024-07-04T20:25:40.466653Z
Summary
virtuoso-opensource vulnerabilities
Details

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626, CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631, CVE-2023-48951)

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950)

References

Affected packages

Ubuntu:Pro:18.04:LTS / virtuoso-opensource

Package

Name
virtuoso-opensource

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.6+repack-0ubuntu9+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirtodbc0": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-conductor": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-bpel": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vsp-startpage": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-tutorial": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-opensource-6.1-bin": "6.1.6+repack-0ubuntu9+esm2",
            "libvirtuoso5.5-cil": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-ods": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-server": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-syncml": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-opensource-6.1": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-opensource": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-doc": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-isparql": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-rdfmappers": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-demo": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-vad-sparqldemo": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-minimal": "6.1.6+repack-0ubuntu9+esm2",
            "virtuoso-opensource-6.1-common": "6.1.6+repack-0ubuntu9+esm2"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / virtuoso-opensource

Package

Name
virtuoso-opensource

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.6+repack-0ubuntu10+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirtodbc0": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-conductor": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-bpel": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vsp-startpage": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-tutorial": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-opensource-6.1-bin": "6.1.6+repack-0ubuntu10+esm2",
            "libvirtuoso5.5-cil": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-ods": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-server": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-syncml": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-opensource-6.1": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-opensource": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-doc": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-isparql": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-rdfmappers": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-demo": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-vad-sparqldemo": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-minimal": "6.1.6+repack-0ubuntu10+esm2",
            "virtuoso-opensource-6.1-common": "6.1.6+repack-0ubuntu10+esm2"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / virtuoso-opensource

Package

Name
virtuoso-opensource

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.5.1+dfsg1-0.2ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirtodbc0": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-conductor": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-bpel": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-opensource-7-common": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vsp-startpage": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-tutorial": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-server": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "libvirtuoso5.5-cil": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-ods": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-syncml": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-rdfmappers": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-opensource": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-doc": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-isparql": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-opensource-7": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-demo": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-vad-sparqldemo": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-opensource-7-bin": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2",
            "virtuoso-minimal": "7.2.5.1+dfsg1-0.2ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / virtuoso-opensource

Package

Name
virtuoso-opensource

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.5.1+dfsg1-0.8ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirtodbc0": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-conductor": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-bpel": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-opensource-7-common": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vsp-startpage": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-tutorial": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-server": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "libvirtuoso5.5-cil": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-ods": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-syncml": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-rdfmappers": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-opensource": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-doc": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-isparql": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-opensource-7": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-demo": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-vad-sparqldemo": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-opensource-7-bin": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2",
            "virtuoso-minimal": "7.2.5.1+dfsg1-0.8ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / virtuoso-opensource

Package

Name
virtuoso-opensource

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.6+repack-0ubuntu5+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libvirtodbc0": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-conductor": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-bpel": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vsp-startpage": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-tutorial": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-opensource-6.1-bin": "6.1.6+repack-0ubuntu5+esm2",
            "libvirtuoso5.5-cil": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-ods": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-server": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-syncml": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-opensource-6.1": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-opensource": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-doc": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-isparql": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-rdfmappers": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-demo": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-vad-sparqldemo": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-minimal": "6.1.6+repack-0ubuntu5+esm2",
            "virtuoso-opensource-6.1-common": "6.1.6+repack-0ubuntu5+esm2"
        }
    ]
}