hsqldb-1.8.1.3-15.el7
Errata ID: AXSA:2022-4236:01
The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database (HSQLDB) contains a JDBC driver to support a subset of ANSI-92 SQL.
Security Fix(es):
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default, it is allowed to call any static method of any Java class in the classpath, which results in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to the classes that are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or the Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1, no classes are accessible by default except those in java.lang.Math; any others need to be manually enabled.
Update packages.
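To check which running JVMs already carry the -Dhsqldb.method_class_names argument described above, the following added example (not part of the advisory) reads process listings and reports the setting for every command line that references hsqldb. The "PID ARGS" input format, the sample process lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory.
# Real input (assumption): ps -eo pid=,args= | audit_hsqldb_jvms
# A property set in code with System.setProperty() is not visible on the
# command line, so "no-flag" means "check the application", not "unprotected".

# Read "PID ARGS..." lines on stdin. For each command line that mentions
# hsqldb, print "PID flag=<value>" or "PID no-flag".
# The body runs in a subshell so that 'set -f' does not leak to the caller.
audit_hsqldb_jvms() (
    set -f    # keep classpath wildcards such as lib/* from being expanded
    while read -r pid args; do
        case "$args" in
            *hsqldb*) ;;       # hsqldb jar or property on the command line
            *) continue ;;     # unrelated process
        esac
        found=0
        value=""
        for tok in $args; do
            case "$tok" in
                -Dhsqldb.method_class_names=*)
                    value=${tok#-Dhsqldb.method_class_names=}
                    found=1
                    ;;
            esac
        done
        if [ "$found" -eq 1 ]; then
            printf '%s flag=%s\n' "$pid" "$value"
        else
            printf '%s no-flag\n' "$pid"
        fi
    done
)

# Constructed sample listing (PIDs, paths and class names are made up).
sample_ps() {
    cat <<'EOF'
 1201 java -cp /opt/app/lib/hsqldb.jar:/opt/app/app.jar com.example.Main
 1377 java -Dhsqldb.method_class_names=abc -cp /usr/share/java/hsqldb.jar com.example.Report
 1490 java -jar /opt/other/service.jar
EOF
}

sample_ps | audit_hsqldb_jvms
```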
N/A
SRPMS
- hsqldb-1.8.1.3-15.el7.src.rpm
MD5: 45608a0aa9531e04ac8d177998e1525a
SHA-256: 3047c68bf44bfe5e6f0291b970a7792d271439cf49ae1e55b8e7568792057bf8
Size: 2.95 MB
Asianux Server 7 for x86_64
- hsqldb-1.8.1.3-15.el7.noarch.rpm
MD5: 21f0ac584b23105bf61797d41475d0f2
SHA-256: 723d9b6ce81cf6c5902c2081cd272c8fa70a76adc47d0e575508de1a401cd305
Size: 950.12 kB