Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 18.04 LTS USN-6243-2 Moderate: Graphite-Web Regression Fix

ubuntu
Calendar Grey August 9, 2023
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-6244-3 addresses a regression in Graphite-Web following USN-6244-1 that impacts the confidentiality of private information.
USN-6243-1 caused a minor regression in Graphite-Web.

Summary

USN-6243-1 caused a minor regression in Graphite-Web.

Software Description:

- graphite-web: A highly scalable real-time graphing system

Details:

USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the

applied fix was incomplete. This update fixes the problem.

Original advisory details:

It was discovered that Graphite-Web incorrectly handled certain inputs. If a

user or an automated system were tricked into opening a specially crafted

input file, a remote attacker could possibly use this issue to perform

server-side request forgery and obtain sensitive information. This issue

only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)

It was discovered that Graphite-Web incorrectly handled certain inputs. If a

user or an automated system were tricked into opening a specially crafted

input file, a remote attacker could possibly use this issue to perform

cross site scripting and obtain sensitive information. ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   graphite-web                    1.0.2+debian-2ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6243-2

https://bugs.launchpad.net/ubuntu/+source/graphite-web/+bug/2030807

Ubuntu Security Notice USN-6243-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here