Bug#1036467: virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609 CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614 CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 CVE-2023-31618 CVE-2023-31619 CVE-2023-31620 CVE-2023-31621 CVE-2023-31622 CVE-2023-31623 CVE-2023-31624 CVE-2023-31625 CVE-2023-31626 CVE-2023-31627 CVE-2023-31628 CVE-2023-31629 CVE-2023-31630 CVE-2023-31631

Salvatore Bonaccorso carnil at debian.org
Sun May 21 19:43:40 BST 2023


Source: virtuoso-opensource
Version: 7.2.5.1+dfsg1-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerabilities were published for virtuoso-opensource.

CVE-2023-31607[0]:
| An issue in the __libc_malloc component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31608[1]:
| An issue in the artm_div_int component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31609[2]:
| An issue in the dfe_unit_col_loci component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31610[3]:
| An issue in the _IO_default_xsputn component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31611[4]:
| An issue in the __libc_longjmp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31612[5]:
| An issue in the dfe_qexp_list component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31613[6]:
| An issue in the __nss_database_lookup component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31614[7]:
| An issue in the mp_box_deserialize_string function in openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) after running a SELECT statement.


CVE-2023-31615[8]:
| An issue in the chash_array component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31616[9]:
| An issue in the bif_mod component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31617[10]:
| An issue in the dk_set_delete component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31618[11]:
| An issue in the sqlc_union_dt_wrap component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31619[12]:
| An issue in the sch_name_to_object component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31620[13]:
| An issue in the dv_compare component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31621[14]:
| An issue in the kc_var_col component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31622[15]:
| An issue in the sqlc_make_policy_trig component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31623[16]:
| An issue in the mp_box_copy component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31624[17]:
| An issue in the sinv_check_exp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31625[18]:
| An issue in the psiginfo component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31626[19]:
| An issue in the gpf_notice component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31627[20]:
| An issue in the strhash component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31628[21]:
| An issue in the stricmp component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.


CVE-2023-31629[22]:
| An issue in the sqlo_union_scope component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31630[23]:
| An issue in the sqlo_query_spec component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.


CVE-2023-31631[24]:
| An issue in the sqlo_preds_contradiction component of openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) via crafted SQL statements.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31607
    https://www.cve.org/CVERecord?id=CVE-2023-31607
[1] https://security-tracker.debian.org/tracker/CVE-2023-31608
    https://www.cve.org/CVERecord?id=CVE-2023-31608
[2] https://security-tracker.debian.org/tracker/CVE-2023-31609
    https://www.cve.org/CVERecord?id=CVE-2023-31609
[3] https://security-tracker.debian.org/tracker/CVE-2023-31610
    https://www.cve.org/CVERecord?id=CVE-2023-31610
[4] https://security-tracker.debian.org/tracker/CVE-2023-31611
    https://www.cve.org/CVERecord?id=CVE-2023-31611
[5] https://security-tracker.debian.org/tracker/CVE-2023-31612
    https://www.cve.org/CVERecord?id=CVE-2023-31612
[6] https://security-tracker.debian.org/tracker/CVE-2023-31613
    https://www.cve.org/CVERecord?id=CVE-2023-31613
[7] https://security-tracker.debian.org/tracker/CVE-2023-31614
    https://www.cve.org/CVERecord?id=CVE-2023-31614
[8] https://security-tracker.debian.org/tracker/CVE-2023-31615
    https://www.cve.org/CVERecord?id=CVE-2023-31615
[9] https://security-tracker.debian.org/tracker/CVE-2023-31616
    https://www.cve.org/CVERecord?id=CVE-2023-31616
[10] https://security-tracker.debian.org/tracker/CVE-2023-31617
    https://www.cve.org/CVERecord?id=CVE-2023-31617
[11] https://security-tracker.debian.org/tracker/CVE-2023-31618
    https://www.cve.org/CVERecord?id=CVE-2023-31618
[12] https://security-tracker.debian.org/tracker/CVE-2023-31619
    https://www.cve.org/CVERecord?id=CVE-2023-31619
[13] https://security-tracker.debian.org/tracker/CVE-2023-31620
    https://www.cve.org/CVERecord?id=CVE-2023-31620
[14] https://security-tracker.debian.org/tracker/CVE-2023-31621
    https://www.cve.org/CVERecord?id=CVE-2023-31621
[15] https://security-tracker.debian.org/tracker/CVE-2023-31622
    https://www.cve.org/CVERecord?id=CVE-2023-31622
[16] https://security-tracker.debian.org/tracker/CVE-2023-31623
    https://www.cve.org/CVERecord?id=CVE-2023-31623
[17] https://security-tracker.debian.org/tracker/CVE-2023-31624
    https://www.cve.org/CVERecord?id=CVE-2023-31624
[18] https://security-tracker.debian.org/tracker/CVE-2023-31625
    https://www.cve.org/CVERecord?id=CVE-2023-31625
[19] https://security-tracker.debian.org/tracker/CVE-2023-31626
    https://www.cve.org/CVERecord?id=CVE-2023-31626
[20] https://security-tracker.debian.org/tracker/CVE-2023-31627
    https://www.cve.org/CVERecord?id=CVE-2023-31627
[21] https://security-tracker.debian.org/tracker/CVE-2023-31628
    https://www.cve.org/CVERecord?id=CVE-2023-31628
[22] https://security-tracker.debian.org/tracker/CVE-2023-31629
    https://www.cve.org/CVERecord?id=CVE-2023-31629
[23] https://security-tracker.debian.org/tracker/CVE-2023-31630
    https://www.cve.org/CVERecord?id=CVE-2023-31630
[24] https://security-tracker.debian.org/tracker/CVE-2023-31631
    https://www.cve.org/CVERecord?id=CVE-2023-31631

Regards,
Salvatore


