1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5437-1] hsqldb security update

    From Markus Koschany@21:1/5 to All on Thu Jun 22 00:10:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5437-1 security@debian.org https://www.debian.org/security/ Markus Koschany
    June 21, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : hsqldb
    CVE ID : CVE-2023-1183

    Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 2.5.1-1+deb11u2.

    For the stable distribution (bookworm), this problem has been fixed in
    version 2.7.1-1+deb12u1.

    We recommend that you upgrade your hsqldb packages.

    For the detailed security status of hsqldb please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/hsqldb

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSTb1tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSyRw//XKFjC4nEe3cC0vYfO6RvImJOauQahx63tWCfT/cMcsP/U6+4D41BIbG4 Ge1HUeV73Vz8Vq0+9w+8x/+HrlkLF7i6j1t4BpXyFIBttmQPS247RWtbOlwRlI+A HwgyEnFNd5M6AcXYpcVVeuG4P0070PyTPg2ZD3FNqWPl5VbeMDk15a17SB8PpduD 8HkTySKMpQ54IXOvzPQJG1R3IDugl8+tAiF4hwIdaL0mMMNtWbvd+R/SXt+T0XNB xyvzjbojsUz+s60mHU/4Tp+efVvn0TUjU0mQhGzBWENPL1mNElj41a6qetwhyJZ6 dL/DXPn2Z7gmstFFg+yJQ62KfWXl/KwtSFmlqlgaF314i/qnWkJqPpdZShDK5pIT cf4OMUWFId1ZoJ6/Wbq3zRqLDjCOSoxLHID3jG8UspjoVtN2XcbEbTtmy0h6YTeH T1xe+OPvYe1SBo8pZkI1z8UFa1+gbUTgbraF1fi+Oz8oP8MVexhbvKoL2gGjcJOv 50G1oy9P6JcDeEhIdMJeNJlDFoD/dI3V6DHLrskEs1/pP5jcozbSYvGSvm5IomKA 5GXJm336S1szk01PmtqPbJ81yp1ZKrScSywLwK9p0vWxqeP8fqduDW3o/JhXRp2A KO5blMufbOh/w5E9ZiJQhuybgG9eSj4SD6zRTgvbF8MQL6wsx/s=
    =UcJ1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)