Ubuntu alert USN-7351-1 (resteasy)
From: Noam Nedelec-Salmon <noam.nedelecsalmon@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7351-1] RESTEasy vulnerabilities
Date: Thu, 13 Mar 2025 16:01:37 +0100
Message-ID: <b7f13af8-79be-4897-ac0a-8fd722be93a5@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7351-1
March 13, 2025

resteasy vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in RESTEasy.

Software Description:
- resteasy: RESTEasy -- Framework for RESTful Web services and Java
  applications

Details:

Nikos Papadopoulos discovered that RESTEasy improperly handled URL
encoding when certain errors occur. An attacker could possibly use this
issue to modify the app's behavior for other users through the network.
(CVE-2020-10688)

Mirko Selber discovered that RESTEasy improperly validated user input
during HTTP response construction. This issue could possibly allow an
attacker to cause a denial of service or execute arbitrary code.
(CVE-2020-1695)

It was discovered that RESTEasy unintentionally disclosed potentially
sensitive server information to users during the handling of certain
errors. (CVE-2020-25633)

It was discovered that RESTEasy unintentionally disclosed parts of its
code to users during the handling of certain errors. (CVE-2021-20289)

It was discovered that RESTEasy used improper permissions when creating
temporary files. An attacker could possibly use this issue to get access
to sensitive data. (CVE-2023-0482)

It was discovered that RESTEasy improperly handled certain HTTP requests
and could be forced into a state in which it can no longer accept
incoming connections. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-9622)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libresteasy-java                3.6.2-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.22.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libresteasy-java                3.6.2-2ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7351-1
  CVE-2020-10688, CVE-2020-1695, CVE-2020-25633, CVE-2021-20289,
  CVE-2023-0482, CVE-2024-9622

Package Information:
  https://launchpad.net/ubuntu/+source/resteasy/3.6.2-2ubun...

Attachment: OpenPGP_0x35FCC89DFD3791C1.asc (type=application/pgp-keys)
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)