Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Ubuntu Security Notice USN-6529-1[6]
- Authored by Ubuntu[7] | Site security.ubuntu.com[8]
-
Ubuntu Security Notice 6529-1 - It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.
- systems | linux[9], ubuntu[10]
- advisories | CVE-2021-38562[11], CVE-2023-41260[12]
- SHA-256 |
b7781b6cef2d4e5a1231114d065fcd56952e3d3a8b5206f0f7f485e28a574086 - Download[13] | Favorite[14] | View[15]
Change Mirror[16] Download[17]
==========================================================================
Ubuntu Security Notice USN-6529-1
December 04, 2023
request-tracker4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Request Tracker.
Software Description:
- request-tracker4: An enterprise-grade issue tracking system
Details:
It was discovered that Request Tracker incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259,
CVE-2023-41260)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
request-tracker4 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-apache2 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-clients 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-db-mysql 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-db-postgresql 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-db-sqlite 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-fcgi 4.4.4+dfsg-2ubuntu1.23.10.1
rt4-standalone 4.4.4+dfsg-2ubuntu1.23.10.1
Ubuntu 23.04:
request-tracker4 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-apache2 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-clients 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-db-mysql 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-db-postgresql 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-db-sqlite 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-fcgi 4.4.4+dfsg-2ubuntu1.23.04.1
rt4-standalone 4.4.4+dfsg-2ubuntu1.23.04.1
Ubuntu 22.04 LTS:
request-tracker4 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-apache2 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-clients 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-db-mysql 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-db-postgresql 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-db-sqlite 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-fcgi 4.4.4+dfsg-2ubuntu1.22.04.1
rt4-standalone 4.4.4+dfsg-2ubuntu1.22.04.1
Ubuntu 20.04 LTS:
request-tracker4 4.4.3-2+deb10u3build0.20.04.1
rt4-apache2 4.4.3-2+deb10u3build0.20.04.1
rt4-clients 4.4.3-2+deb10u3build0.20.04.1
rt4-db-mysql 4.4.3-2+deb10u3build0.20.04.1
rt4-db-postgresql 4.4.3-2+deb10u3build0.20.04.1
rt4-db-sqlite 4.4.3-2+deb10u3build0.20.04.1
rt4-fcgi 4.4.3-2+deb10u3build0.20.04.1
rt4-standalone 4.4.3-2+deb10u3build0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
request-tracker4 4.4.2-2ubuntu0.1~esm1
rt4-apache2 4.4.2-2ubuntu0.1~esm1
rt4-clients 4.4.2-2ubuntu0.1~esm1
rt4-db-mysql 4.4.2-2ubuntu0.1~esm1
rt4-db-postgresql 4.4.2-2ubuntu0.1~esm1
rt4-db-sqlite 4.4.2-2ubuntu0.1~esm1
rt4-fcgi 4.4.2-2ubuntu0.1~esm1
rt4-standalone 4.4.2-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6529-1
CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260
Package Information:
https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.10.1
https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.04.1
https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.22.04.1
https://launchpad.net/ubuntu/+source/request-tracker4/4.4.3-2+deb10u3build0.20.04.1
Follow us on
Facebook
Subscribe to an RSS
FeedFile Tags
- ActiveX[23] (932)
- Advisory[24] (83,374)
- Arbitrary[25] (16,425)
- BBS[26] (2,859)
- Bypass[27] (1,803)
- CGI[28] (1,031)
- Code Execution[29] (7,420)
- Conference[30] (683)
- Cracker[31] (843)
- CSRF[32] (3,353)
- DoS[33] (24,038)
- Encryption[34] (2,372)
- Exploit[35] (52,286)
- File Inclusion[36] (4,234)
- File Upload[37] (978)
- Firewall[38] (822)
- Info Disclosure[39] (2,809)
- Intrusion Detection[40] (900)
- Java[41] (3,091)
- JavaScript[42] (880)
- Kernel[43] (6,848)
- Local[44] (14,580)
- Magazine[45] (586)
- Overflow[46] (12,860)
- Perl[47] (1,427)
- PHP[48] (5,162)
- Proof of Concept[49] (2,349)
- Protocol[50] (3,656)
- Python[51] (1,569)
- Remote[52] (31,051)
- Root[53] (3,606)
- Rootkit[54] (515)
- Ruby[55] (614)
- Scanner[56] (1,645)
- Security Tool[57] (7,929)
- Shell[58] (3,212)
- Shellcode[59] (1,216)
- Sniffer[60] (897)
- Spoof[61] (2,229)
- SQL Injection[62] (16,442)
- TCP[63] (2,419)
- Trojan[64] (687)
- UDP[65] (896)
- Virus[66] (667)
- Vulnerability[67] (32,103)
- Web[68] (9,789)
- Whitepaper[69] (3,759)
- x86[70] (966)
- XSS[71] (18,055)
- Other[72]
File Archives
- December 2023[73]
- November 2023[74]
- October 2023[75]
- September 2023[76]
- August 2023[77]
- July 2023[78]
- June 2023[79]
- May 2023[80]
- April 2023[81]
- March 2023[82]
- February 2023[83]
- January 2023[84]
- Older[85]
Systems
- AIX[86] (429)
- Apple[87] (2,037)
- BSD[88] (375)
- CentOS[89] (57)
- Cisco[90] (1,926)
- Debian[91] (6,914)
- Fedora[92] (1,692)
- FreeBSD[93] (1,246)
- Gentoo[94] (4,379)
- HPUX[95] (880)
- iOS[96] (363)
- iPhone[97] (108)
- IRIX[98] (220)
- Juniper[99] (69)
- Linux[100] (47,850)
- Mac OS X[101] (691)
- Mandriva[102] (3,105)
- NetBSD[103] (256)
- OpenBSD[104] (486)
- RedHat[105] (14,624)
- Slackware[106] (941)
- Solaris[107] (1,611)
- SUSE[108] (1,444)
- Ubuntu[109] (9,137)
- UNIX[110] (9,340)
- UnixWare[111] (187)
- Windows[112] (6,606)
- Other[113]
© 2022 Packet Storm. All rights reserved.
- Services
- Security Services[124]
- Hosting By
- Rokasec[125]
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Read more https://packetstormsecurity.com/files/176070/USN-6529-1.txt
