USN-6834-1: H2 vulnerabilities
13 June 2024
H2 could be made to allow arbitrary code execution.
Releases
Packages
- h2database - H2 Database Engine
Details
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libh2-java
-
1.4.196-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libh2-java
-
1.4.191-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5365-1: libh2-java, libh2-java-doc, h2database