Home / mailings [USN-7571-1] c3p0 vulnerability
Posted on 16 June 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7571-1
June 16, 2025
c3p0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
c3p0 could be made to crash if it opened a specially crafted file.
Software Description:
- c3p0: JDBC Connection pooling library
Details:
Aaron Massey discovered that c3p0 could be made to crash when parsing
certain input. An attacker able to modify the application's XML
configuration file could possibly use this issue to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libc3p0-java 0.9.1.2-9+deb8u1ubuntu0.14.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7571-1
CVE-2019-5427
--===============5604457469043752743==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
