==========================================================================
Ubuntu Security Notice USN-6834-1
June 13, 2024

h2database vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

H2 could be made to allow arbitrary code execution.

Software Description:
- h2database: H2 Database Engine

Details:

It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)

It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   libh2-java                      1.4.196-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libh2-java                      1.4.191-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6834-1 

   CVE-2021-42392, CVE-2022-23221

Ubuntu 6834-1: H2 Security Advisory Updates

June 13, 2024

H2 could be made to allow arbitrary code execution.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: H2 could be made to allow arbitrary code execution. Software Description: - h2database: H2 Database Engine Details: It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-42392) It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23221)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libh2-java 1.4.196-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libh2-java 1.4.191-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6834-1

CVE-2021-42392, CVE-2022-23221

Severity

Ubuntu Security Notice USN-6834-1

Package Information

Related News

34.Key AbstractDigital Esm H170

Mallox Ransomware: A Rising Threat to Linux Servers

2 - 4 min read

Jul 04, 2024

Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate

32.Lock Code Circular Esm H170

Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems

2 - 4 min read

Jul 03, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

1.Penguin Landscape Esm H170

Embracing Digital Independence: The Case for Switching to Linux from Windows

2 - 3 min read

Jul 03, 2024

On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,

20.Lock AbstractDigital Circular Esm H170

CISA Adds New Chromium Zero-Day Bug to its Known Exploited Vulnerability Catalog

2 - 3 min read

Jul 03, 2024

Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other

11.Locks IsometricPattern Esm H170

Exploring Linux Mint 22 'Wilma': Key Updates and Security Improvements for Admins

2 - 4 min read

Jul 02, 2024

Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically

32.Lock Code Circular Esm H170

Recent OpenSSH RCE Bug Explained: Impact & Mitigations

2 - 4 min read

Jul 01, 2024

In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’

27.Tablet Connections Blocks Lock Esm H170

Debian 12.6 Released: Understanding the Security & Stability Enhancements

2 - 4 min read

Jul 01, 2024

Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this

8.Locks HexConnections CodeGlobe Esm H170

Canonical's Game-Changing Move: 12-Year LTS for Distroless Docker Images

2 - 4 min read

Jun 28, 2024

Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved