USN-7165-1: Spring Framework vulnerability
17 December 2024
Spring Framework could be made to run programs or expose sensitive information if it received specially crafted network traffic.
Releases
Packages
- libspring-java - Modular Java/J2EE application framework
Details
It was discovered that the Spring Framework incorrectly handled web
requests via data binding. An attacker could possibly use this issue to
achieve remote code execution and obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
-
libspring-aop-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-beans-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-context-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-context-support-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-core-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-expression-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-instrument-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-jdbc-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-jms-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-messaging-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-orm-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-oxm-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-transaction-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-web-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-web-portlet-java
-
4.3.30-2ubuntu0.24.10.1
-
libspring-web-servlet-java
-
4.3.30-2ubuntu0.24.10.1
Ubuntu 24.04
-
libspring-aop-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-beans-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-context-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-context-support-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-core-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-expression-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-instrument-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-jdbc-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-jms-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-messaging-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-orm-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-oxm-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-transaction-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-portlet-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-servlet-java
-
4.3.30-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04
-
libspring-aop-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-beans-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-context-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-context-support-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-core-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-expression-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-instrument-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-jdbc-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-jms-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-messaging-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-orm-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-oxm-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-transaction-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-portlet-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-servlet-java
-
4.3.30-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04
-
libspring-aop-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-beans-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-context-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-context-support-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-core-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-expression-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-instrument-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-jdbc-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-jms-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-messaging-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-orm-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-oxm-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-transaction-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-portlet-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspring-web-servlet-java
-
4.3.22-4ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
libspring-aop-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-beans-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-context-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-context-support-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-core-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-expression-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-instrument-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-jdbc-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-jms-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-messaging-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-orm-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-oxm-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-transaction-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-portlet-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
-
libspring-web-servlet-java
-
4.3.22-1~18.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.