USN-6933-1

It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cause a denial of service, or leak sensitive information. (CVE-2021-42387, CVE-2021-41388)

It was discovered that ClickHouse incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2021-43305)

References

Affected packages

Ubuntu:20.04:LTS / clickhouse

Package

Name: clickhouse
Purl: pkg:deb/ubuntu/clickhouse@18.16.1+ds-7ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.16.1+ds-7ubuntu0.1

Affected versions

18.*

18.16.1+ds-5

18.16.1+ds-5ubuntu1

18.16.1+ds-5ubuntu2

18.16.1+ds-6ubuntu1

18.16.1+ds-7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "clickhouse-client",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-client-dbgsym",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-common",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-common-dbgsym",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-server",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-server-dbgsym",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-tools",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        },
        {
            "binary_name": "clickhouse-tools-dbgsym",
            "binary_version": "18.16.1+ds-7ubuntu0.1"
        }
    ]
}