USN-7966-1: Snowflake vulnerabilities

Packages

snowflake - Cloud-based data platform.

Details

It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit
on the amount of data that was buffered during the handshake. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29189)

It was discovered that Pion DTLS, vendored in Snowflake, did not prevent the
fragmentBuffer from processing zero length fragments. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29190)

It was discovered that Pion DTLS, vendored in Snowflake, did not require
CertificateVerify when Client Cert was sent. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29222)

It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit
on the amount of data that was buffered during the handshake. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29189)

It was discovered that Pion DTLS, vendored in Snowflake, did not prevent the
fragmentBuffer from processing zero length fragments. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29190)

It was discovered that Pion DTLS, vendored in Snowflake, did not require
CertificateVerify when Client Cert was sent. An attacker could
possibly use the issue to cause a denial of service. (CVE-2022-29222)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
22.04 LTS jammy	snowflake-client – 1.1.0-2ubuntu0.1+esm2
22.04 LTS jammy	snowflake-proxy – 1.1.0-2ubuntu0.1+esm2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

USN-7966-2

USN-7966-2

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices