- Vulnerability/
- USN-6529-1
4/12/2023
USN-6529-1: Request Tracker vulnerabilities
First published: Mon Dec 04 2023(Updated: )
It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/request-tracker4 | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-apache2 | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-clients | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-db-mysql | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-db-postgresql | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-db-sqlite | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-fcgi | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/rt4-standalone | <4.4.4+dfsg-2ubuntu1.23.10.1 | 4.4.4+dfsg-2ubuntu1.23.10.1 |
| Ubuntu Linux | =23.10 | |
| All of | ||
| ubuntu/request-tracker4 | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-apache2 | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-clients | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-db-mysql | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-db-postgresql | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-db-sqlite | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-fcgi | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/rt4-standalone | <4.4.4+dfsg-2ubuntu1.23.04.1 | 4.4.4+dfsg-2ubuntu1.23.04.1 |
| Ubuntu Linux | =23.04 | |
| All of | ||
| ubuntu/request-tracker4 | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-apache2 | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-clients | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-db-mysql | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-db-postgresql | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-db-sqlite | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-fcgi | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/rt4-standalone | <4.4.4+dfsg-2ubuntu1.22.04.1 | 4.4.4+dfsg-2ubuntu1.22.04.1 |
| Ubuntu Linux | =22.04 | |
| All of | ||
| ubuntu/request-tracker4 | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-apache2 | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-clients | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-db-mysql | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-db-postgresql | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-db-sqlite | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-fcgi | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/rt4-standalone | <4.4.3-2+deb10u3build0.20.04.1 | 4.4.3-2+deb10u3build0.20.04.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/request-tracker4 | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-apache2 | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-clients | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-db-mysql | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-db-postgresql | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-db-sqlite | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-fcgi | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/rt4-standalone | <4.4.2-2ubuntu0.1~esm1 | 4.4.2-2ubuntu0.1~esm1 |
| Ubuntu Linux | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-25802
- https://ubuntu.com/security/CVE-2023-41260
- https://ubuntu.com/security/CVE-2023-41259
- https://ubuntu.com/security/CVE-2021-38562
- https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.10.1
- https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.04.1
- https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.22.04.1
- https://launchpad.net/ubuntu/+source/request-tracker4/4.4.3-2+deb10u3build0.20.04.1
- https://ubuntu.com/security/notices/USN-6529-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-6529-1?
USN-6529-1 is classified as a medium severity vulnerability that allows potential access to sensitive information.
How do I fix USN-6529-1?
To fix USN-6529-1, upgrade to the affected packages which are version 4.4.4+dfsg-2ubuntu1.23.04.1 or newer.
Which versions are affected by USN-6529-1?
USN-6529-1 affects Request Tracker versions prior to 4.4.4+dfsg-2ubuntu1.23.10.1.
What products are impacted by USN-6529-1?
USN-6529-1 impacts multiple Ubuntu products running Request Tracker, such as Ubuntu 18.04, 20.04, and 23.04.
Can USN-6529-1 be exploited remotely?
Yes, if a user is tricked into opening a specially crafted input file, a remote attacker could exploit USN-6529-1.
- agent/title
- agent/type
- agent/description
- agent/severity
- agent/references
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/usn
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/23.10
- version/ubuntu linux/23.04
- version/ubuntu linux/22.04
- version/ubuntu linux/20.04
- version/ubuntu linux/18.04