drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Apache Commons BCEL
| Name: |
Ausführen beliebiger Kommandos in Apache Commons BCEL |
|
| ID: |
USN-7208-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
|
| Datum: |
Do, 16. Januar 2025, 22:40 |
|
| Referenzen: |
https://ubuntu.com/security/notices/USN-7208-1
https://launchpad.net/ubuntu/+source/bcel/6.5.0-1ubuntu0.1
https://www.cve.org/CVERecord?id=CVE-2022-42920 |
|
| Applikationen: |
Apache Commons BCEL |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3019288449493040194== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Kdfo2pstPujXBm0cFx0PGVLE"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Kdfo2pstPujXBm0cFx0PGVLE Content-Type: multipart/mixed; boundary="------------CjH1Qtsvj0UkbFfhy8TbGSwu"; protected-headers="v1" From: John Breton <john.breton@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <d0f2d1be-1bfb-4eca-924a-21b9c42f4962@canonical.com> Subject: [USN-7208-1] Apache Commons BCEL vulnerability
--------------CjH1Qtsvj0UkbFfhy8TbGSwu Content-Type: multipart/mixed; boundary="------------yyYKS29lKWpQ7M1g09P7b0CE"
--------------yyYKS29lKWpQ7M1g09P7b0CE Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-7208-1 January 16, 2025
bcel vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Apache Commons BCEL could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - bcel: Analyze, create, and manipulate (binary) Java class files
Details:
Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS libbcel-java 6.5.0-1ubuntu0.1
Ubuntu 20.04 LTS libbcel-java 6.4.1-1ubuntu0.1~esm1 Available with Ubuntu Pro
Ubuntu 18.04 LTS libbcel-java 6.2-1ubuntu0.1~esm1 Available with Ubuntu Pro
Ubuntu 16.04 LTS libbcel-java 6.0~rc3-2ubuntu1+esm1 Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-7208-1 CVE-2022-42920
Package Information: https://launchpad.net/ubuntu/+source/bcel/6.5.0-1ubuntu0.1
--------------yyYKS29lKWpQ7M1g09P7b0CE Content-Type: application/pgp-keys; name="OpenPGP_0xF294825506581F28.asc" Content-Disposition: attachment; filename="OpenPGP_0xF294825506581F28.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGdQrXIBEACdQtlt0q4nFuG/w6jmXuMpI5n1p/REUpoDI3Fu+2C1Ze46ieTM zKl5rh0+/rEBvwGn5Ox1lcu/QnujnNznNQ0g4ZarPRl3kCA2SKeyqe2vj77sfMkj 3NCF9nlvJVR/j3LgWdo8eynohrkPH8nXazSyzyZRWnUSrn7OCKMZ8KLlkixM9Av/ 58Z2lbzVxto3ehTEXprUSn+WZTuKLBuIIE4681Y0lDZbmhi6W0kQBn/kvAlND/ue G9OLijCJFT7HbikxMtKhCK82cXCSw4SeGzdhkHFLa+QdKo9W/iWYyB9jT+zresxj dfA6I/ZBvBINt7VJKxLgE18XGOiqq5TmlI4iadXv2umMBl8QAKuhA8qLBQDUdZx6 XWKO4w3xqPtzJ0fDX8OHopb0+QBtyUuxFAX+uFX0mpWbxkzjcEUxf16zN5EUwDD2 5c8Q7POoWKQWu1pA6JtBpkoPYTpdbg7lm+YIhonZLWdKduaaUXRjtRrbNRTvMZqq dMNn1WSQzrT8/81CitcETIof1G/XA/ktwWDIqzPBgofyja/ffbOLf3V6GieqcaJK oCaowBZeT1cSBw+xrpEIFiVywFFWbv0f5qWW0yOvYI2YVeckkcsJnsF19quAEgck 8zWOgaZJV8JTj0AmuvE1lqBIRBy3OVl/t7FiQ+0wduytN2U9EOvqaxoKlQARAQAB zShKb2huIEJyZXRvbiA8am9obi5icmV0b25AY2Fub25pbmNhbC5jb20+wsGXBBMB CgBBFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmdQrXICGwMFCQWjmoAFCwkIBwIC IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ8pSCVQZYHygLpQ/9E+KzsXCYkHVtcHmq S/Qyul2l3DID1Skl/4cuL33s8sQC+XQZxXCIYeXkDOhiDsx+cPwCB20c4GhMRkCw kuefTI4vOg50HhcyuKVfm6WvETWMSEYXjM4lnVuRBNkn+XsfmRG9EPk1bIlwjl0L SNY4zKvYAG9C8MZCyC2+Qz+9HQBR+0kR4Xc8Ei+PVHyuGJfdQN+b5lFghXG6zjKr x0tMWpbh9pFpd0zIpWWNMtmiJQgb8nbxrY6KEdqzi3Jqc/1H0zN1+EpmIq3JNcKV Icol4Y7tnqrkMe4Z2vhcYNdm6KyA7RqBJagYfjDKw2ZFyoZGVasbQb9mlFLHEU2p joDq7wDrI2K4RLNen4XjxOfMVG+W7XQO4CmTLZUyEUVNRy6JLepYz8EHGeaDTAnq OsIEDYnqYyHpweK1eZqhlJNNv6QquPqBS/jptGApkcgszH7I3pOhRVlZSRX4JRSm DhulXJEpPv6dGSCOZsMtsLnKRinIt/LHAsgTYLvSJixQKN2Ji3hoQVufoCKI+Qs7 hWu5L3DHxCa7j5ta3kVyrtzXM1kltvd1vAuCGdO0dhI+nZOJ67D4F+BwiTDyWNOC zM0mnHR63mC3phV6uQp2a5UzNsZFeb8l0RvhMWighQOj7pBgf8t3YNKxFb5j+p6Q LaY1OCQl3/uho8dB5ySgLLU1hcnCwYMEMAEKAC0WIQTIwMc5MbRgflSxqMjylIJV BlgfKAUCZ31mgw8dIHR5cG8gaW4gZW1haWwACgkQ8pSCVQZYHygw8w/9EMfmrGvD oW0WrRc1+0LPKUjGvD/1iCmQ0b3iKJp5rtBEsKIXUKGLMKEi/KvJ1SUNqfGR4Dj9 rmrAYDX2f6roqx/YkqTfqABeYG1kHFHXfgCnxzDbIR6ZZYWKXmYjXgQgYwloJFeg cot9/9Bims6k+zgZEtH/bxvULWerEuvkHaZiMsdOHzsiC/VdSXsW2RrH8V5cDH3Q DRsB4YTP/9gdpWprthCWsk2AJUEj/uZNmkuCmRcfxyG4mRUxnFECU0dt1wd+XRmQ 0H8lKrz1hzKJdRh2qjU/4Debf08NDqBzBktaphlPMjXlqPAvIP5NXWAvRFJm27OS LbYZtb32d2pGtu0ad0HI/B8Dqsv1x0TtUL5ymlnjaqXkajoaE7DWzL6XKsY5KStS Eyhy/EC3dskBTLr9lPLBTGzkAFkGAjB/+H2saaleIKctrwjOgD0srr9YvDBduPZJ yE03wEf3ensE6KZmc+HxBFxXz2AIQQKW/lVUC+UPmsb/8FWwmqcwJqczDHdIblEF d4OPU2u2Go1qK0GQf2RddBj2SxN05ZvqJ0iw3cRAl5phXiLzro1aLYoum+lJrtNH TQJeFJIyWe+dx/3BcQ42shzh7ap2Ipn9VGNf/EH17kJ97gRejbHN9XnfmM2MzRqs HFAsaBAd8yZJYDsxR+rnN7/KjDGiWOnROHrNN0pvaG4gQnJldG9uIChjb3JyZWN0 IGVtYWlsKSA8am9obi5icmV0b25AY2Fub25pY2FsLmNvbT7CwZcEEwEKAEEWIQTI wMc5MbRgflSxqMjylIJVBlgfKAUCZ31l3AIbAwUJBaOagAULCQgHAgIiAgYVCgkI CwIEFgIDAQIeBwIXgAAKCRDylIJVBlgfKKoVD/97VtPeqs8Qg84l3Ca83FZIa3Hd GcRCdhGR0dZ3P1xwMnfk3phFyvewSIPYD+bJDlX97z1gxNUnt0GPvpTYyjAL4uVe Yxb0jY68aUtZ6zBccKXDy+jR/8OxWgU9Ulip+LTumVuq8OD6sWIj44hzuSmdH3eC kzsqj6f5ay8SG5BR1EPJjJnAysrWlJx5j95kep+an/19+rto0t5ZGAfbmHHNPExj JbkQnTra88nUiIKRWuwyG3X2kvxL392BYm7S6cxoMADtrkS2ZSogLBBrddIL5Jfb tyS7R5gng7Uy3MTXlwZL6WYNwFX3bAk01DYV2sOn9hFG0Xh/aGx26PFw2I/YA76x AdHXcxdb+1JwTu+REOSMuvEb0M0N+anEsrWvV4BcY/UgShgtEE5+3OT6dKl62g8v 1G/jrXNz6cwbqiJoWi0U6gwsS4zgi8pXO8iCKSLMbf8/kfH1Yo0mSGGtTqt9gotU ULM/snjT3Fb4me/VcVkqOW0viwCMyp6NXdgbAnd+3Lxk9JQgn8Z9FqLIojE7Qjzm aHHK3syhGjcmLmfTFaEpbqOon5iPPjdYgmz1+FAWxekU1M53yoFed0jZEt132aHT Vz5IsJNu6aDmDbxGKARBk6+PPSDl/D5ExPUEX2TSo648lCSNP03NVlR5mToPVXxJ 1rJ/JjmcDg1VqAaKLM7BTQRnUz5jARAAvhXhR4FxcGnlv0lmEa+WL+5Sf/ygpFm5 tFHnyXJWQA3nXCJNGkibvCM03iyY8cax6MwLG0faQ9xEqu1vphigyj8kdpAcGkIn ezZWyy2e4XpWg7R3CJXRO/teGpCjxkrJ462NwQD2qFAbxe5MzgyzsmKoeEigUmod 2QGzT4nGRqdAklZ/byMAVs+eyF7X+7hUERCgHATpMELvgcSQdUV/lgrQX0g/UV+9 1CtLlTZ5RYHOlqJEb/2VBkKqXP821UV+wScwmAWOIXHRuGsqzyIb2ZB1/VLhEFEM xxsr+nrgjuzOWS2/jXrn9fSHMYlmW3TGmX9+53UNXhtsyT2FFYOc7SzwEwUDqadW johTv3slOj2vsAIW6NFQY2TjjleZFm3lQPiNDtuWZlmL3Qxz5/TDqTrSb5FHJIEN 81R8OYXzy4QDPJKm553ZKOfGKvhj3DV8BlzRJ83nZ3VcduBlnCMv1SMh8wdf39jI F33JTUqjhIuZHzs+VEYofORH+Q8witwCctH5tiJL9i5feAL04bKxH7wsnnwSl9kE eh/okSLWIglZ1JYJov/8hAnlx65DhYuBuX7s6YDaN6bcEBjJcHFQSILzFz1ulaI1 Vp17Nufsb2gOTBX8wK5K1RBP717r48P4GCHzXK8dnWuFnWAPsiJ2K74aPQ3Ei0N7 4pNp1IfxB4cAEQEAAcLBdgQYAQoAIBYhBMjAxzkxtGB+VLGoyPKUglUGWB8oBQJn Uz5jAhsMAAoJEPKUglUGWB8o5dkP/28eg2EoE/+/svXsQ/apsYClkvuvVUsB6klm HWz1B8S4kRJzwDmF2CUvttNT8PDXARdXaExxYFWU4DrptJNTwCkxMYGJOBCXAnVb T9CXFSe2Uz4Gopb55cmWE/xGPWzeBlnt7A3ImJjYI04C2cPXOF8hceGd9mg6hV23 Fj9q2FdAgO82D4k+HRixhkH0Rk/bHc9a0FKKUUbv97gGTmHo6K4idPHeBobZYYYO 0AS/H0t/ea5Ty5+sDu3O2fjecou6L1dgW6oFK68Tep3Vz+sxI3JVTLMcxNh/hxxk pTvtREFc/6Zo+PFLhuPkbAPJeZvZSG1viHkvxCfPuvySDTvi/htf3TiM9yEWgUkS iDQAy4upf/a0B+t3BSapndFNsT+8j5UinY7ux8HiGrhO5t7Br3EMmpvgStkB4v57 LkNXiwkc899ZYlC1lFOTbVgHI4uH3GTWxVjGxZoq3Bda3JTDxTpC+PM+jK5cWDbO /bieXm+zeA8/Go7vSE4kbj4tDEWpXhcnj7uc274xMepQIaPSEP32jPkDUzwD1804 GaJXC/ChkMykYmdEORRH4EfLlS9W+pBuFtktNhWGwdIVaOqVHMDi3jncz1sBsveC Nwtt7tlhxUEPfMUiH8NznH2aeFll7obgX6/yu0Vg6h+d7HBIwY9WdXyMqm/rWATk X5TWH5FT =3DNpqL -----END PGP PUBLIC KEY BLOCK-----
--------------yyYKS29lKWpQ7M1g09P7b0CE--
--------------CjH1Qtsvj0UkbFfhy8TbGSwu--
--------------Kdfo2pstPujXBm0cFx0PGVLE Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeJS5IFAwAAAAAACgkQ8pSCVQZYHyjq iQ//VSOca8AOZ/OiAMZ9d9L8HHOv9eNkpwIgOx/V7IZOwuPdMMC//+9QXShTCGp8In+lreZtuWwC l/t28HZocpQFgewhWELgNBIdHuL6yIgoBTN/AYs9kR4TxlONaYpNaMtW8Vkx9QUGGQp9TCcdm9Rp i9wr8RnC5NrPWJr+JwUmwizvbieGFe4zRZc32ULNKkcDodMufbfLWWvulnGAhOcGjb7BEOA6d0n5 Q4MflFqhVRhzlsBsLht16t9E63DLhNQBSGLjfEbYvpsXhvhJNkhEqz+D4SMWy3q95FF3f1Hrcjum 1lTM9wdEDPjq/TycMdXt9mKqn7WVeHTrjP72oYpRdVCQ00zUxh1POQzYriL1kqU8P7aThz8cBPeC YPNxsyxnhb3oEXXCP5rzIv6iGwW/vdzdsYX/q+tyeR7xjyLPnMm6yFSy1AQFdTxTmw4MLqYZa/wa 24/qKV+tqkrU/uZYv7oIcscFQ6SuOaN8y9kIrgNZtHiaL2jG5K0Hjyq0txDRgaPex0a+S/uR964f D83fQjukmv5pBD+yt2I++18MY2OnIxOm1oiQy3oWOFDMGUwSsNr43mMviTiIF9V+i8JA59eNxcAW ntHFKSNZPqxfa3CLyMfV2MZ7/8mhaUxcsOtdhIZoC1E0tRfVbgfvBsmIB+sPPw9T5z/828rM2EX9 4AY= =UML+ -----END PGP SIGNATURE-----
--------------Kdfo2pstPujXBm0cFx0PGVLE--
--===============3019288449493040194== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3019288449493040194==--
|
|
|
|