- Vulnerability/
- USN-6422-2
USN-6422-2: Ring vulnerabilities
First published: Tue Oct 24 2023(Updated: )
It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585) Original advisory details: It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/jami | <20230206.0~ds2-1.3ubuntu0.1 | 20230206.0~ds2-1.3ubuntu0.1 |
| =23.10 | ||
| All of | ||
| ubuntu/jami-daemon | <20230206.0~ds2-1.3ubuntu0.1 | 20230206.0~ds2-1.3ubuntu0.1 |
| =23.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-6422-2?
The severity of USN-6422-2 is high.
How does Ring handle certain inputs incorrectly?
Ring handles certain inputs incorrectly by not properly validating them, which could allow for the execution of arbitrary code.
How can a remote attacker exploit the vulnerability in USN-6422-2?
A remote attacker can exploit the vulnerability in USN-6422-2 by tricking a user or automated system into opening a specially crafted input file, which could lead to the execution of arbitrary code.
What is the remedy for the vulnerability in USN-6422-2?
The remedy for the vulnerability in USN-6422-2 is to update the Jami and Jami-Daemon packages to version 20230206.0~ds2-1.3ubuntu0.1 or later.
Where can I find more information about USN-6422-2?
More information about USN-6422-2 can be found on the Ubuntu Security Notices website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6422-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.10