==========================================================================
Ubuntu Security Notice USN-7422-1
April 07, 2025

fis-gtm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in FIS-GT.M.

Software Description:
- fis-gtm: database engine for large real-time transaction processing systems

Details:

It was discovered that FIS-GT.M could incorrectly dereference memory in
certain instances. An attacker could possibly use this issue to cause
FIS-GT.M to crash, resulting in a denial of service.
(CVE-2021-44492, CVE-2021-44498, CVE-2021-44508)

It was discovered that FIS-GT.M could perform a division by zero due to
a lack of input validation. An attacker could possibly use this issue to
cause FIS-GT.M to crash, resulting in a denial of service.
(CVE-2021-44500)

It was discovered that FIS-GT.M could be forced to allocate memory of a
chosen size through crafted input. An attacker could possibly use this
issue to exhaust the available memory of FIS-GT.M, leading to a crash
that would result in a denial of service. (CVE-2021-44502)

It was discovered that FIS-GT.M could be forced to read from uninitialized
memory due to a lack of input validation. An attacker could possibly use
this issue to cause FIS-GT.M to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2021-44506)

It was discovered that FIS-GT.M could crash due to an integer underflow.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-44509, CVE-2021-44510)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  fis-gtm                         6.3-014-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  fis-gtm-6.3-014                 6.3-014-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  fis-gtm                         6.3-007-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  fis-gtm-6.3-007                 6.3-007-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  fis-gtm                         6.3-003A-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  fis-gtm-6.3-003a                6.3-003A-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  fis-gtm                         6.2-002A-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  fis-gtm-6.2-002                 6.2-002A-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7422-1
  CVE-2021-44492, CVE-2021-44498, CVE-2021-44500, CVE-2021-44502,
  CVE-2021-44506, CVE-2021-44508, CVE-2021-44509, CVE-2021-44510