Source: virtuoso-opensource
Version: 7.2.5.1+dfsg1-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for virtuoso-opensource.

CVE-2023-31607[0]:
| An issue in the __libc_malloc component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31608[1]:
| An issue in the artm_div_int component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31609[2]:
| An issue in the dfe_unit_col_loci component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31610[3]:
| An issue in the _IO_default_xsputn component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31611[4]:
| An issue in the __libc_longjmp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31612[5]:
| An issue in the dfe_qexp_list component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31613[6]:
| An issue in the __nss_database_lookup component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31614[7]:
| An issue in the mp_box_deserialize_string function in openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) after running a SELECT statement.

CVE-2023-31615[8]:
| An issue in the chash_array component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31616[9]:
| An issue in the bif_mod component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31617[10]:
| An issue in the dk_set_delete component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31618[11]:
| An issue in the sqlc_union_dt_wrap component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31619[12]:
| An issue in the sch_name_to_object component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31620[13]:
| An issue in the dv_compare component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31621[14]:
| An issue in the kc_var_col component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31622[15]:
| An issue in the sqlc_make_policy_trig component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31623[16]:
| An issue in the mp_box_copy component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31624[17]:
| An issue in the sinv_check_exp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31625[18]:
| An issue in the psiginfo component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31626[19]:
| An issue in the gpf_notice component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31627[20]:
| An issue in the strhash component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31628[21]:
| An issue in the stricmp component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.

CVE-2023-31629[22]:
| An issue in the sqlo_union_scope component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31630[23]:
| An issue in the sqlo_query_spec component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.

CVE-2023-31631[24]:
| An issue in the sqlo_preds_contradiction component of openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) via crafted SQL statements.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31607
    https://www.cve.org/CVERecord?id=CVE-2023-31607
[1] https://security-tracker.debian.org/tracker/CVE-2023-31608
    https://www.cve.org/CVERecord?id=CVE-2023-31608
[2] https://security-tracker.debian.org/tracker/CVE-2023-31609
    https://www.cve.org/CVERecord?id=CVE-2023-31609
[3] https://security-tracker.debian.org/tracker/CVE-2023-31610
    https://www.cve.org/CVERecord?id=CVE-2023-31610
[4] https://security-tracker.debian.org/tracker/CVE-2023-31611
    https://www.cve.org/CVERecord?id=CVE-2023-31611
[5] https://security-tracker.debian.org/tracker/CVE-2023-31612
    https://www.cve.org/CVERecord?id=CVE-2023-31612
[6] https://security-tracker.debian.org/tracker/CVE-2023-31613
    https://www.cve.org/CVERecord?id=CVE-2023-31613
[7] https://security-tracker.debian.org/tracker/CVE-2023-31614
    https://www.cve.org/CVERecord?id=CVE-2023-31614
[8] https://security-tracker.debian.org/tracker/CVE-2023-31615
    https://www.cve.org/CVERecord?id=CVE-2023-31615
[9] https://security-tracker.debian.org/tracker/CVE-2023-31616
    https://www.cve.org/CVERecord?id=CVE-2023-31616
[10] https://security-tracker.debian.org/tracker/CVE-2023-31617
    https://www.cve.org/CVERecord?id=CVE-2023-31617
[11] https://security-tracker.debian.org/tracker/CVE-2023-31618
    https://www.cve.org/CVERecord?id=CVE-2023-31618
[12] https://security-tracker.debian.org/tracker/CVE-2023-31619
    https://www.cve.org/CVERecord?id=CVE-2023-31619
[13] https://security-tracker.debian.org/tracker/CVE-2023-31620
    https://www.cve.org/CVERecord?id=CVE-2023-31620
[14] https://security-tracker.debian.org/tracker/CVE-2023-31621
    https://www.cve.org/CVERecord?id=CVE-2023-31621
[15] https://security-tracker.debian.org/tracker/CVE-2023-31622
    https://www.cve.org/CVERecord?id=CVE-2023-31622
[16] https://security-tracker.debian.org/tracker/CVE-2023-31623
    https://www.cve.org/CVERecord?id=CVE-2023-31623
[17] https://security-tracker.debian.org/tracker/CVE-2023-31624
    https://www.cve.org/CVERecord?id=CVE-2023-31624
[18] https://security-tracker.debian.org/tracker/CVE-2023-31625
    https://www.cve.org/CVERecord?id=CVE-2023-31625
[19] https://security-tracker.debian.org/tracker/CVE-2023-31626
    https://www.cve.org/CVERecord?id=CVE-2023-31626
[20] https://security-tracker.debian.org/tracker/CVE-2023-31627
    https://www.cve.org/CVERecord?id=CVE-2023-31627
[21] https://security-tracker.debian.org/tracker/CVE-2023-31628
    https://www.cve.org/CVERecord?id=CVE-2023-31628
[22] https://security-tracker.debian.org/tracker/CVE-2023-31629
    https://www.cve.org/CVERecord?id=CVE-2023-31629
[23] https://security-tracker.debian.org/tracker/CVE-2023-31630
    https://www.cve.org/CVERecord?id=CVE-2023-31630
[24] https://security-tracker.debian.org/tracker/CVE-2023-31631
    https://www.cve.org/CVERecord?id=CVE-2023-31631

Regards,
Salvatore