Several security issues were fixed in LLVM Toolchain.
Software Description:
- llvm-toolchain-13: C, C++ and Objective-C compiler
- llvm-toolchain-14: C, C++ and Objective-C compiler
- llvm-toolchain-15: C, C++ and Objective-C compiler
Details:
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: llvm-13 1:13.0.1-11ubuntu14.1 llvm-13-tools 1:13.0.1-11ubuntu14.1 llvm-14 1:14.0.6-12ubuntu0.23.04.1 llvm-14-tools 1:14.0.6-12ubuntu0.23.04.1 llvm-15 1:15.0.7-3ubuntu0.23.04.1 llvm-15-tools 1:15.0.7-3ubuntu0.23.04.1 mlir-13-tools 1:13.0.1-11ubuntu14.1 mlir-14-tools 1:14.0.6-12ubuntu0.23.04.1 mlir-15-tools 1:15.0.7-3ubuntu0.23.04.1 Ubuntu 22.04 LTS: llvm-13 1:13.0.1-2ubuntu2.2 llvm-13-tools 1:13.0.1-2ubuntu2.2 llvm-14 1:14.0.0-1ubuntu1.1 llvm-14-tools 1:14.0.0-1ubuntu1.1 llvm-15 1:15.0.7-0ubuntu0.22.04.3 llvm-15-tools 1:15.0.7-0ubuntu0.22.04.3 mlir-13-tools 1:13.0.1-2ubuntu2.2 mlir-14-tools 1:14.0.0-1ubuntu1.1 mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6258-1
CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939
Get the latest Linux and open source security news straight to your inbox.