[USN-7571-1] c3p0 vulnerability
noreply+usn-bot at canonical.com
noreply+usn-bot at canonical.com
Mon Jun 16 18:09:50 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7571-1
June 16, 2025
c3p0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
c3p0 could be made to crash if it opened a specially crafted file.
Software Description:
- c3p0: JDBC Connection pooling library
Details:
Aaron Massey discovered that c3p0 could be made to crash when parsing
certain input. An attacker able to modify the application’s XML
configuration file could possibly use this issue to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libc3p0-java 0.9.1.2-9+deb8u1ubuntu0.14.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7571-1
CVE-2019-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250616/1dcd012c/attachment.sig>
More information about the ubuntu-security-announce
mailing list