Ubuntu 22.04 LTS: USN-7260-1 critical: OpenRefine code execution risks

February 10, 2025
Multiple vulnerabilities addressed in OpenRefine for Ubuntu. Ensure your system is updated to mitigate risks of unauthorized code execution.

Summary

Several security issues were fixed in OpenRefine.

Software Description:

- openrefine: powerful tool for working with messy data

Details:

It was discovered that OpenRefine did not properly handle opening tar
files. If a user or application were tricked into opening a crafted tar
file, an attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 22.04 LTS. (CVE-2023-37476)

It was discovered that OpenRefine incorrectly handled file permissions and
user authentication. An unauthenticated attacker could possibly use this
issue to leak sensitive information or execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2023-41886, CVE-2023-41887)

It was discovered that OpenRefine did not properly disallow database
settings to be modified when queried. An attacker could possibly use this
issue to leak sensitive information. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-23833)

It wa...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   openrefine                      3.7.8-1ubuntu0.1

Ubuntu 24.04 LTS
   openrefine                      3.7.7-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   openrefine                      3.5.2-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7260-1

  CVE-2023-37476, CVE-2023-41886, CVE-2023-41887, CVE-2024-23833,
  CVE-2024-47878, CVE-2024-47879, CVE-2024-47880, CVE-2024-47881,
  CVE-2024-47882, CVE-2024-49760

Severity
critical

Ubuntu Security Notice USN-7260-1

Package Information

  https://launchpad.net/ubuntu/+source/openrefine/3.7.8-1ubuntu0.1
