USN-5365-1: H2 vulnerabilities
5 April 2022
Several security issues were fixed in H2.
Releases
Packages
- h2database - H2 Database Engine
Details
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6834-1: h2database, libh2-java, libh2-java-doc