Ubuntu 22.04 LTS/23.04 USN-6258-1 Critical: LLVM Toolchain DoS
Jul 27, 2023
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Several security issues were fixed in LLVM Toolchain.
========================================================================== Ubuntu Security Notice USN-6258-1 July 27, 2023 llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in LLVM Toolchain. Software Description: - llvm-toolchain-13: C, C++ and Objective-C compiler - llvm-toolchain-14: C, C++ and Objective-C compiler - llvm-toolchain-15: C, C++ and Objective-C compiler Details: It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. (CVE-2023-29932, CVE-2023-29934, CVE-2023-29939) It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15. (CVE-2023-29933) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: llvm-13 1:13.0.1-11ubuntu14.1 llvm-13-tools 1:13.0.1-11ubuntu14.1 llvm-14 1:14.0.6-12ubuntu0.23.04.1 llvm-14-tools 1:14.0.6-12ubuntu0.23.04.1 llvm-15 1:15.0.7-3ubuntu0.23.04.1 llvm-15-tools 1:15.0.7-3ubuntu0.23.04.1 mlir-13-tools 1:13.0.1-11ubuntu14.1 mlir-14-tools 1:14.0.6-12ubuntu0.23.04.1 mlir-15-tools 1:15.0.7-3ubuntu0.23.04.1 Ubuntu 22.04 LTS: llvm-13 1:13.0.1-2ubuntu2.2 llvm-13-tools 1:13.0.1-2ubuntu2.2 llvm-14 1:14.0.0-1ubuntu1.1 llvm-14-tools 1:14.0.0-1ubuntu1.1 llvm-15 1:15.0.7-0ubuntu0.22.04.3 llvm-15-tools 1:15.0.7-0ubuntu0.22.04.3 mlir-13-tools 1:13.0.1-2ubuntu2.2 mlir-14-tools 1:14.0.0-1ubuntu1.1 mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6258-1 CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939 Package Information: https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2 https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3
PREVIOUS
NEXT
Ubuntu 22.04 LTS/23.04 USN-6258-1 Critical: LLVM Toolchain DoS
ubuntu
July 27, 2023
Several security issues were fixed in LLVM Toolchain.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in LLVM Toolchain. Software Description: - llvm-toolchain-13: C, C++ and Objective-C compiler - llvm-toolchain-14: C, C++ and Objective-C compiler - llvm-toolchain-15: C, C++ and Objective-C compiler Details: It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. (CVE-2023-29932, CVE-2023-29934, CVE-2023-29939) It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service....
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: llvm-13 1:13.0.1-11ubuntu14.1 llvm-13-tools 1:13.0.1-11ubuntu14.1 llvm-14 1:14.0.6-12ubuntu0.23.04.1 llvm-14-tools 1:14.0.6-12ubuntu0.23.04.1 llvm-15 1:15.0.7-3ubuntu0.23.04.1 llvm-15-tools 1:15.0.7-3ubuntu0.23.04.1 mlir-13-tools 1:13.0.1-11ubuntu14.1 mlir-14-tools 1:14.0.6-12ubuntu0.23.04.1 mlir-15-tools 1:15.0.7-3ubuntu0.23.04.1 Ubuntu 22.04 LTS: llvm-13 1:13.0.1-2ubuntu2.2 llvm-13-tools 1:13.0.1-2ubuntu2.2 llvm-14 1:14.0.0-1ubuntu1.1 llvm-14-tools 1:14.0.0-1ubuntu1.1 llvm-15 1:15.0.7-0ubuntu0.22.04.3 llvm-15-tools 1:15.0.7-0ubuntu0.22.04.3 mlir-13-tools 1:13.0.1-2ubuntu2.2 mlir-14-tools 1:14.0.0-1ubuntu1.1 mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6258-1
CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6258-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2 https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!