Ubuntu 24.10: USN-7165-1 critical: libspring-java remote code execution

ubuntu

December 18, 2024

Spring Framework could be made to run programs or expose sensitive information if it received specially crafted network traffic.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Spring Framework could be made to run programs or expose sensitive information if it received specially crafted network traffic. Software Description: - libspring-java: Modular Java/J2EE application framework Details: It was discovered that the Spring Framework incorrectly handled web requests via data binding. An attacker could possibly use this issue to achieve remote code execution and obtain sensitive information.

Topics Covered

security advisory security issue software update remote code execution Ubuntu sensitive information exposure libspring-java

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libspring-aop-java 4.3.30-2ubuntu0.24.10.1 libspring-beans-java 4.3.30-2ubuntu0.24.10.1 libspring-context-java 4.3.30-2ubuntu0.24.10.1 libspring-context-support-java 4.3.30-2ubuntu0.24.10.1 libspring-core-java 4.3.30-2ubuntu0.24.10.1 libspring-expression-java 4.3.30-2ubuntu0.24.10.1 libspring-instrument-java 4.3.30-2ubuntu0.24.10.1 libspring-jdbc-java 4.3.30-2ubuntu0.24.10.1 libspring-jms-java 4.3.30-2ubuntu0.24.10.1 libspring-messaging-java 4.3.30-2ubuntu0.24.10.1 libspring-orm-java 4.3.30-2ubuntu0.24.10.1 libspring-oxm-java 4.3.30-2ubuntu0.24.10.1 libspring-transaction-java 4.3.30-2ubuntu0.24.10.1 libspring-web-java 4.3.30-2ubuntu0.24.10.1 libspring-web-portlet-java 4.3.30-2ubuntu0.24.10.1 libspring-web-servlet-java 4.3.30-2ubuntu0.24.10.1 Ubuntu 24.04 LTS libspring-aop-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libspring-aop-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libspring-aop-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libspring-aop-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7165-1

CVE-2022-22965

Severity

critical

Lowest

Low

Medium

High

Critical

Ubuntu Security Notice USN-7165-1

Topics Covered

security advisory security issue software update remote code execution Ubuntu sensitive information exposure libspring-java

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Ubuntu 24.10: USN-7165-1 critical: libspring-java remote code execution

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Ubuntu 24.10: USN-7165-1 critical: libspring-java remote code execution

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!