Ubuntu 5769-1: protobuf vulnerabilities | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5769-1
December 08, 2022

protobuf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in protobuf.

Software Description:
- protobuf: protocol buffers C++ library (development files)

Details:

It was discovered that protobuf did not properly manage memory when 
serializing
large messages. An attacker could possibly use this issue to cause 
applications
using protobuf to crash, resulting in a denial of service, or possibly 
execute
arbitrary code. (CVE-2015-5237)

It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of 
service.
(CVE-2022-1941)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libprotobuf-lite9v5             2.6.1-1.3ubuntu0.1~esm2
   libprotobuf9v5                  2.6.1-1.3ubuntu0.1~esm2
   libprotoc9v5                    2.6.1-1.3ubuntu0.1~esm2
   protobuf-compiler               2.6.1-1.3ubuntu0.1~esm2
   python-protobuf                 2.6.1-1.3ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5769-1
   CVE-2015-5237, CVE-2022-1941

Ubuntu 5769-1: protobuf vulnerabilities

December 8, 2022
Several security issues were fixed in protobuf.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in protobuf. Software Description: - protobuf: protocol buffers C++ library (development files) Details: It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5237) It was discovered that protobuf did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. (CVE-2022-1941)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM:   libprotobuf-lite9v5             2.6.1-1.3ubuntu0.1~esm2   libprotobuf9v5                  2.6.1-1.3ubuntu0.1~esm2   libprotoc9v5                    2.6.1-1.3ubuntu0.1~esm2   protobuf-compiler               2.6.1-1.3ubuntu0.1~esm2   python-protobuf                 2.6.1-1.3ubuntu0.1~esm2 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5769-1

  CVE-2015-5237, CVE-2022-1941

Severity
Ubuntu Security Notice USN-5769-1

Package Information