Ubuntu Security Notice 5769-1 - It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that protobuf did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-5769-1
December 08, 2022
protobuf vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in protobuf.
Software Description:
- protobuf: protocol buffers C++ library (development files)
Details:
It was discovered that protobuf did not properly manage memory when
serializing large messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2015-5237)

It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of
service. (CVE-2022-1941)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
libprotobuf-lite9v5 2.6.1-1.3ubuntu0.1~esm2
libprotobuf9v5 2.6.1-1.3ubuntu0.1~esm2
libprotoc9v5 2.6.1-1.3ubuntu0.1~esm2
protobuf-compiler 2.6.1-1.3ubuntu0.1~esm2
python-protobuf 2.6.1-1.3ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5769-1
CVE-2015-5237, CVE-2022-1941