Ubuntu alert USN-6306-1 (fastdds)
| From: | Allen Huang <allen.huang@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6306-1] Fast DDS vulnerabilities | |
| Date: | Thu, 24 Aug 2023 20:11:07 +0100 | |
| Message-ID: | <4478a5ea-9f2b-603e-a90b-f2970eb629f6@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6306-1 August 24, 2023 fastdds vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS (Available with Ubuntu Pro) Summary: Fast DDS could be made to crash or expose sensitive information if it received specially crafted input. Software Description: - fastdds: eProsima FastDDS Discovery Server and Tools Details: It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service and information exposure. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38425) It was discovered that Fast DDS incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947, CVE-2023-39948, CVE-2023-39949) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: fastdds-tools 2.9.1+ds-1ubuntu0.1 libfastrtps2.9 2.9.1+ds-1ubuntu0.1 Ubuntu 22.04 LTS (Available with Ubuntu Pro): fastdds-tools 2.5.0+ds-3ubuntu0.1~esm1 libfastrtps2.5 2.5.0+ds-3ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6306-1 CVE-2021-38425, CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947, CVE-2023-39948, CVE-2023-39949 Package Information: https://launchpad.net/ubuntu/+source/fastdds/2.9.1+ds-1ub...