Support Content Notification - Support Portal

USN-6715-1: unixODBC vulnerability

Product/Component

VMware Tanzu Application Service

0 more products

Notification Id

24703

Last Updated

22 August 2024

Initial Publication Date

07 August 2024

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-1013

Severity

medium

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 22.04

Description

It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libodbc1 - 2.3.1-4.1ubuntu0.1~esm2 odbcinst - 2.3.1-4.1ubuntu0.1~esm2 odbcinst1debian2 - 2.3.1-4.1ubuntu0.1~esm2 unixodbc - 2.3.1-4.1ubuntu0.1~esm2 unixodbc-dev - 2.3.1-4.1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

Cflinuxfs3

0.388.0 or greater

Cflinuxfs4

1.86.0 or greater

Cf Deployment

40.1.0 or greater

References

https://ubuntu.com/security/notices/USN-6715-1

https://www.cloudfoundry.org/blog/usn-6715-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6715-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24703

History

2024-03-27: Initial vulnerability report published.