Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 22.04 LTS/23.04 USN-6258-1 Critical: LLVM Toolchain DoS

ubuntu
Calendar Grey July 27, 2023
Dist Ubuntu Esm H88
Several vulnerabilities identified within the LLVM Toolchain necessitate urgent updates for Ubuntu versions 22.04 LTS and 23.04.
Several security issues were fixed in LLVM Toolchain.

Summary

Several security issues were fixed in LLVM Toolchain.

Software Description:

- llvm-toolchain-13: C, C++ and Objective-C compiler

- llvm-toolchain-14: C, C++ and Objective-C compiler

- llvm-toolchain-15: C, C++ and Objective-C compiler

Details:

It was discovered that LLVM Toolchain did not properly manage memory under

certain circumstances. If a user were tricked into opening a specially

crafted MLIR file, an attacker could possibly use this issue to cause LLVM

Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,

CVE-2023-29934, CVE-2023-29939)

It was discovered that LLVM Toolchain did not properly manage memory under

certain circumstances. If a user were tricked into opening a specially

crafted MLIR file, an attacker could possibly use this issue to cause LLVM

Toolchain to crash, resulting in a denial of service. This issue only

affected llvm-toolchain-15. (CVE-2023-29933)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  llvm-13                         1:13.0.1-11ubuntu14.1
  llvm-13-tools                   1:13.0.1-11ubuntu14.1
  llvm-14                         1:14.0.6-12ubuntu0.23.04.1
  llvm-14-tools                   1:14.0.6-12ubuntu0.23.04.1
  llvm-15                         1:15.0.7-3ubuntu0.23.04.1
  llvm-15-tools                   1:15.0.7-3ubuntu0.23.04.1
  mlir-13-tools                   1:13.0.1-11ubuntu14.1
  mlir-14-tools                   1:14.0.6-12ubuntu0.23.04.1
  mlir-15-tools                   1:15.0.7-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  llvm-13                         1:13.0.1-2ubuntu2.2
  llvm-13-tools                   1:13.0.1-2ubuntu2.2
  llvm-14                         1:14.0.0-1ubuntu1.1
  llvm-14-tools                   1:14.0.0-1ubuntu1.1
  llvm-15                         1:15.0.7-0ubuntu0.22.04.3
  llvm-15-tools                   1:15.0.7-0ubuntu0.22.04.3
  mlir-13-tools                   1:13.0.1-2ubuntu2.2
  mlir-14-tools                   1:14.0.0-1ubuntu1.1
  mlir-15-tools                   1:15.0.7-0ubuntu0.22.04.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6258-1

CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6258-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here