Ubuntu Security Notice USN-6529-1

Ubuntu Security Notice USN-6529-1: Posted Dec 5, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6529-1 - It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2021-38562, CVE-2023-41260; SHA-256 | b7781b6cef2d4e5a1231114d065fcd56952e3d3a8b5206f0f7f485e28a574086; Download | Favorite | View

Ubuntu Security Notice USN-6529-1

==========================================================================
Ubuntu Security Notice USN-6529-1
December 04, 2023

request-tracker4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Request Tracker.

Software Description:
- request-tracker4: An enterprise-grade issue tracking system

Details:

It was discovered that Request Tracker incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259,
CVE-2023-41260)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.10.1
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.10.1

Ubuntu 23.04:
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.04.1
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.04.1

Ubuntu 22.04 LTS:
   request-tracker4                4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-clients                     4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.22.04.1
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.22.04.1

Ubuntu 20.04 LTS:
   request-tracker4                4.4.3-2+deb10u3build0.20.04.1
   rt4-apache2                     4.4.3-2+deb10u3build0.20.04.1
   rt4-clients                     4.4.3-2+deb10u3build0.20.04.1
   rt4-db-mysql                    4.4.3-2+deb10u3build0.20.04.1
   rt4-db-postgresql               4.4.3-2+deb10u3build0.20.04.1
   rt4-db-sqlite                   4.4.3-2+deb10u3build0.20.04.1
   rt4-fcgi                        4.4.3-2+deb10u3build0.20.04.1
   rt4-standalone                  4.4.3-2+deb10u3build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   request-tracker4                4.4.2-2ubuntu0.1~esm1
   rt4-apache2                     4.4.2-2ubuntu0.1~esm1
   rt4-clients                     4.4.2-2ubuntu0.1~esm1
   rt4-db-mysql                    4.4.2-2ubuntu0.1~esm1
   rt4-db-postgresql               4.4.2-2ubuntu0.1~esm1
   rt4-db-sqlite                   4.4.2-2ubuntu0.1~esm1
   rt4-fcgi                        4.4.2-2ubuntu0.1~esm1
   rt4-standalone                  4.4.2-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6529-1
   CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260

Package Information:
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.10.1
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.04.1
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.22.04.1
 
https://launchpad.net/ubuntu/+source/request-tracker4/4.4.3-2+deb10u3build0.20.04.1

Top Authors In Last 30 Days

Red Hat 243 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Ubuntu Security Notice USN-6529-1

Ubuntu Security Notice USN-6529-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6529-1

Share This

Ubuntu Security Notice USN-6529-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems