USN-6258-1: LLVM Toolchain vulnerabilities
27 July 2023
Several security issues were fixed in LLVM Toolchain.
Releases
Packages
- llvm-toolchain-13 - C, C++ and Objective-C compiler
- llvm-toolchain-14 - C, C++ and Objective-C compiler
- llvm-toolchain-15 - C, C++ and Objective-C compiler
Details
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
- mlir-15-tools - 1:15.0.7-3ubuntu0.23.04.1
- llvm-14-tools - 1:14.0.6-12ubuntu0.23.04.1
- mlir-13-tools - 1:13.0.1-11ubuntu14.1
- llvm-14 - 1:14.0.6-12ubuntu0.23.04.1
- llvm-15 - 1:15.0.7-3ubuntu0.23.04.1
- llvm-13 - 1:13.0.1-11ubuntu14.1
- mlir-14-tools - 1:14.0.6-12ubuntu0.23.04.1
- llvm-15-tools - 1:15.0.7-3ubuntu0.23.04.1
- llvm-13-tools - 1:13.0.1-11ubuntu14.1
Ubuntu 22.04
- mlir-15-tools - 1:15.0.7-0ubuntu0.22.04.3
- llvm-14-tools - 1:14.0.0-1ubuntu1.1
- mlir-13-tools - 1:13.0.1-2ubuntu2.2
- llvm-14 - 1:14.0.0-1ubuntu1.1
- llvm-15 - 1:15.0.7-0ubuntu0.22.04.3
- llvm-13 - 1:13.0.1-2ubuntu2.2
- mlir-14-tools - 1:14.0.0-1ubuntu1.1
- llvm-15-tools - 1:15.0.7-0ubuntu0.22.04.3
- llvm-13-tools - 1:13.0.1-2ubuntu2.2
In general, a standard system update will make all the necessary changes.
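To confirm that a host actually carries the fixed builds, the following added example (not part of the original notice or of any Ubuntu tooling) compares an installed-package listing against the Ubuntu 22.04 versions listed above. It reimplements the Debian version ordering that `dpkg --compare-versions` applies so that it runs offline; the function names and the sample listing are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions for Ubuntu 22.04, copied from the notice above.
FIXED_2204 = {p.format(n): v
              for n, v in ((13, "1:13.0.1-2ubuntu2.2"), (14, "1:14.0.0-1ubuntu1.1"),
                           (15, "1:15.0.7-0ubuntu0.22.04.3"))
              for p in ("llvm-{}", "llvm-{}-tools", "mlir-{}-tools")}

def _sign(x, y):
    return (x > y) - (x < y)

def _order(c):
    """dpkg character order: '~' lowest, then end/digit, letters, other."""
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    pa, pb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (ta, na), (tb, nb) in zip_longest(pa, pb, fillvalue=("", "")):
        for x, y in zip_longest(ta, tb, fillvalue=""):
            if _order(x) != _order(y):
                return _sign(_order(x), _order(y))
        if int(na or 0) != int(nb or 0):
            return _sign(int(na or 0), int(nb or 0))
    return 0

def _split(v):
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Return -1, 0 or 1: epoch first, then upstream, then revision."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_lines, fixed=FIXED_2204):
    """Map package -> installed version for packages below the fixed version."""
    rows = (line.split() for line in dpkg_lines.splitlines() if line.strip())
    return {p: v for p, v in rows if p in fixed and compare_versions(v, fixed[p]) < 0}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """llvm-14 1:14.0.0-1ubuntu1
mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3
llvm-13-tools 1:13.0.1-2ubuntu2.1
bash 5.1-6ubuntu1"""
```

Calling `unpatched()` on real `dpkg-query` output returns only the packages from this notice that are still below their fixed version; an empty result means the host is at or above every listed version.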