- Vulnerability/
- USN-6422-1
USN-6422-1: Ring vulnerabilities
First published: Mon Oct 09 2023(Updated: )
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/jami | <20230206.0~ds1-5ubuntu0.1 | 20230206.0~ds1-5ubuntu0.1 |
| =23.04 | ||
| All of | ||
| ubuntu/jami-daemon | <20230206.0~ds1-5ubuntu0.1 | 20230206.0~ds1-5ubuntu0.1 |
| =23.04 | ||
| All of | ||
| ubuntu/jami | <20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 | 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/jami-daemon | <20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 | 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/ring | <20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 | 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/ring-daemon | <20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 | 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/ring | <20180228.1.503da2b~ds1-1ubuntu0.1~esm1 | 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/ring-daemon | <20180228.1.503da2b~ds1-1ubuntu0.1~esm1 | 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 |
| =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-37706
- https://ubuntu.com/security/CVE-2022-39244
- https://ubuntu.com/security/CVE-2022-31031
- https://ubuntu.com/security/CVE-2021-43301
- https://ubuntu.com/security/CVE-2022-23608
- https://ubuntu.com/security/CVE-2022-24793
- https://ubuntu.com/security/CVE-2022-23537
- https://ubuntu.com/security/CVE-2021-43299
- https://ubuntu.com/security/CVE-2022-24763
- https://ubuntu.com/security/CVE-2022-24764
- https://ubuntu.com/security/CVE-2021-43845
- https://ubuntu.com/security/CVE-2022-21722
- https://ubuntu.com/security/CVE-2021-43804
- https://ubuntu.com/security/CVE-2021-43300
- https://ubuntu.com/security/CVE-2021-43303
- https://ubuntu.com/security/CVE-2022-21723
- https://ubuntu.com/security/CVE-2022-23547
- https://ubuntu.com/security/CVE-2023-27585
- https://ubuntu.com/security/CVE-2021-43302
- https://ubuntu.com/security/CVE-2022-24754
- https://ubuntu.com/security/notices/USN-6422-2
- https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1
- https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
- https://ubuntu.com/security/notices/USN-6422-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for the Ring vulnerability?
The vulnerability ID for the Ring vulnerability is CVE-2021-37706.
How can a remote attacker exploit the Ring vulnerability?
A remote attacker could exploit the Ring vulnerability by tricking a user or automated system into opening a specially crafted input file.
What is the severity of the Ring vulnerability?
The severity of the Ring vulnerability is not specified in the information provided.
Which versions of Jami are affected by the Ring vulnerability?
The versions of Jami affected by the Ring vulnerability are 20230206.0~ds1-5ubuntu0.1, 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1, and 20180228.1.503da2b~ds1-1ubuntu0.1~esm1.
How do I fix the Ring vulnerability?
To fix the Ring vulnerability, update the Jami and Jami-Daemon packages to the specified remedy versions provided by Ubuntu.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6422-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04