==========================================================================
Ubuntu Security Notice USN-7571-1
June 16, 2025

c3p0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

c3p0 could be made to crash if it opened a specially crafted file.

Software Description:
- c3p0: JDBC Connection pooling library

Details:

Aaron Massey discovered that c3p0 could be made to crash when parsing
certain input. An attacker able to modify the application’s XML
configuration file could possibly use this issue to cause a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libc3p0-java                    0.9.1.2-9+deb8u1ubuntu0.14.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7571-1
  CVE-2019-5427