USN-6422-1: Ring vulnerabilities
9 October 2023
Several security issues were fixed in Ring.
Releases
Packages
- ring - Secure and distributed voice, video and chat platform
Details
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,
CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,
CVE-2022-39244)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 20.04
-
jami
-
20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
-
jami-daemon
-
20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
-
ring
-
20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
-
ring-daemon
-
20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
Ubuntu 18.04
-
ring
-
20180228.1.503da2b~ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
ring-daemon
-
20180228.1.503da2b~ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6422-2: jami, ring, jami-daemon