Ubuntu Security Notice USN-6470-1

Ubuntu Security Notice USN-6470-1: Posted Nov 13, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6470-1 - It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-40743; SHA-256 | 448577447601ebe3fd9e50066d4b2a0042c028211e054bad6088d7b0cba693ec; Download | Favorite | View

Ubuntu Security Notice USN-6470-1

==========================================================================
Ubuntu Security Notice USN-6470-1
November 02, 2023

axis vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Axis could be made to crash or execute arbitrary code if it received specially
crafted input.

Software Description:
- axis: SOAP implementation in Java

Details:

It was discovered that Axis incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2023-40743)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libaxis-java                    1.4-28+deb10u1build0.23.10.1
   libaxis-java-doc                1.4-28+deb10u1build0.23.10.1

Ubuntu 23.04:
   libaxis-java                    1.4-28+deb10u1build0.23.04.1
   libaxis-java-doc                1.4-28+deb10u1build0.23.04.1

Ubuntu 22.04 LTS:
   libaxis-java                    1.4-28+deb10u1build0.22.04.1
   libaxis-java-doc                1.4-28+deb10u1build0.22.04.1

Ubuntu 20.04 LTS:
   libaxis-java                    1.4-28+deb10u1build0.20.04.1
   libaxis-java-doc                1.4-28+deb10u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libaxis-java                    1.4-25ubuntu0.1~esm1
   libaxis-java-doc                1.4-25ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libaxis-java                    1.4-24ubuntu0.1~esm1
   libaxis-java-doc                1.4-24ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6470-1
   CVE-2023-40743

Package Information:
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.10.1
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.04.1
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.22.04.1
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.20.04.1

Top Authors In Last 30 Days

Red Hat 419 files
Ubuntu 107 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 7 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,896)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,654)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,152)
UNIX (9,340)
UnixWare (187)
Windows (6,609)
Other

Ubuntu Security Notice USN-6470-1

Ubuntu Security Notice USN-6470-1

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6470-1

Share This

Ubuntu Security Notice USN-6470-1

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems