USN-5769-1: protobuf vulnerabilities
8 December 2022
Several security issues were fixed in protobuf.
- protobuf - protocol buffers C++ library (development files)
It was discovered that protobuf did not properly manage memory when serializing
large messages. An attacker could possibly use this issue to cause applications
using protobuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-5237)
It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of service.
The problem can be corrected by updating your system to the following package versions:
- libprotoc9v5 - 2.6.1-1.3ubuntu0.1~esm2
- libprotobuf-lite9v5 - 2.6.1-1.3ubuntu0.1~esm2
- python-protobuf - 2.6.1-1.3ubuntu0.1~esm2
- libprotobuf9v5 - 2.6.1-1.3ubuntu0.1~esm2
- protobuf-compiler - 2.6.1-1.3ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
- USN-5945-1: python-protobuf, python3-protobuf, libprotobuf-lite23, protobuf-compiler, libprotobuf-dev, protobuf, libprotoc10, libprotobuf23, libprotobuf-lite10, libprotobuf-java, libprotobuf10, libprotoc8, libprotobuf8, libprotobuf-lite8, libprotoc17, libprotoc-dev, libprotobuf-lite17, libprotoc23, ruby-google-protobuf, elpa-protobuf-mode, libprotobuf17