UBUNTU-CVE-2021-32773

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-32773

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-32773.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-32773

Related

CVE-2021-32773

Published

2021-07-20T00:15:00Z

Modified

2024-10-15T14:08:10Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the handin-server system, it is not possible to work around this problem and upgrading is required.

References

Affected packages

Ubuntu:Pro:16.04:LTS / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2-2

6.2-3

6.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.9-2

6.11+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2+dfsg1-2ubuntu2

7.2+dfsg1-2ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.9+dfsg1-2build1

8.*

8.2+dfsg1-2

8.2+dfsg1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.10+dfsg1-2ubuntu1

8.12+dfsg1-7ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / racket

Package

Name: racket
Purl: pkg:deb/ubuntu/racket?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.7+dfsg1-1

8.10+dfsg1-2

8.10+dfsg1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}