Debian Security Advisory 5437-1 ≈ Packet Storm

Home ^[1] Files ^[2] News ^[3] &[SERVICES_TAB] Contact ^[4] Add New ^[5]

Debian Security Advisory 5437-1^[6]: Authored by Debian ^[7] | Site debian.org ^[8]; Debian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.; systems | linux ^[9], debian ^[10]; advisories | CVE-2023-1183 ^[11]; SHA-256 | 7c544f31219784b743536b45da6065cc810499bfb45dbd1197cd11a809f8e80a; Download ^[12] | Favorite ^[13] | View ^[14]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5437-1                   Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/                          Markus Koschany
June 21, 2023                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : hsqldb
CVE ID         : CVE-2023-1183
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL
database engine, allowed the execution of spurious scripting commands in
.script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally
used to record the commands input by the database admin to output such a
script. In combination with LibreOffice, an attacker could craft an odb
containing a "database/script" file which itself contained a SCRIPT command
where the contents of the file could be written to a new file whose location
was determined by the attacker.
For the oldstable distribution (bullseye), this problem has been fixed
in version 2.5.1-1+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in
version 2.7.1-1+deb12u1.
We recommend that you upgrade your hsqldb packages.
For the detailed security status of hsqldb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/hsqldb
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSTb1tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSyRw//XKFjC4nEe3cC0vYfO6RvImJOauQahx63tWCfT/cMcsP/U6+4D41BIbG4
Ge1HUeV73Vz8Vq0+9w+8x/+HrlkLF7i6j1t4BpXyFIBttmQPS247RWtbOlwRlI+A
HwgyEnFNd5M6AcXYpcVVeuG4P0070PyTPg2ZD3FNqWPl5VbeMDk15a17SB8PpduD
8HkTySKMpQ54IXOvzPQJG1R3IDugl8+tAiF4hwIdaL0mMMNtWbvd+R/SXt+T0XNB
xyvzjbojsUz+s60mHU/4Tp+efVvn0TUjU0mQhGzBWENPL1mNElj41a6qetwhyJZ6
dL/DXPn2Z7gmstFFg+yJQ62KfWXl/KwtSFmlqlgaF314i/qnWkJqPpdZShDK5pIT
cf4OMUWFId1ZoJ6/Wbq3zRqLDjCOSoxLHID3jG8UspjoVtN2XcbEbTtmy0h6YTeH
T1xe+OPvYe1SBo8pZkI1z8UFa1+gbUTgbraF1fi+Oz8oP8MVexhbvKoL2gGjcJOv
50G1oy9P6JcDeEhIdMJeNJlDFoD/dI3V6DHLrskEs1/pP5jcozbSYvGSvm5IomKA
5GXJm336S1szk01PmtqPbJ81yp1ZKrScSywLwK9p0vWxqeP8fqduDW3o/JhXRp2A
KO5blMufbOh/w5E9ZiJQhuybgG9eSj4SD6zRTgvbF8MQL6wsx/s=
=UcJ1
-----END PGP SIGNATURE-----