Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 16.04 ESM USN-5769-1 Critical Protobuf Denial Of Service

ubuntu
Calendar Grey December 8, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities addressed in protocol buffers impacting Ubuntu 16.04 ESM, with risks of possible service interruption included.
Several security issues were fixed in protobuf.

Summary

Several security issues were fixed in protobuf.

Software Description:

- protobuf: protocol buffers C++ library (development files)

Details:

It was discovered that protobuf did not properly manage memory when

serializing

large messages. An attacker could possibly use this issue to cause

applications

using protobuf to crash, resulting in a denial of service, or possibly

execute

arbitrary code. (CVE-2015-5237)

It was discovered that protobuf did not properly manage memory when parsing

specifically crafted messages. An attacker could possibly use this issue to

cause applications using protobuf to crash, resulting in a denial of

service.

(CVE-2022-1941)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libprotobuf-lite9v5             2.6.1-1.3ubuntu0.1~esm2
   libprotobuf9v5                  2.6.1-1.3ubuntu0.1~esm2
   libprotoc9v5                    2.6.1-1.3ubuntu0.1~esm2
   protobuf-compiler               2.6.1-1.3ubuntu0.1~esm2
   python-protobuf                 2.6.1-1.3ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5769-1

  CVE-2015-5237, CVE-2022-1941

Severity
critical
Lowest
Low
Medium
High
Critical

December 08, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.