Ubuntu 6614 Published by

A protobuf security update has been released for Ubuntu Linux 16.04 ESM.



USN-5769-1: protobuf vulnerabilities


==========================================================================
Ubuntu Security Notice USN-5769-1
December 08, 2022

protobuf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in protobuf.

Software Description:
- protobuf: protocol buffers C++ library (development files)

Details:

It was discovered that protobuf did not properly manage memory when
serializing
large messages. An attacker could possibly use this issue to cause
applications
using protobuf to crash, resulting in a denial of service, or possibly
execute
arbitrary code. (CVE-2015-5237)

It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of
service.
(CVE-2022-1941)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libprotobuf-lite9v5             2.6.1-1.3ubuntu0.1~esm2
  libprotobuf9v5                  2.6.1-1.3ubuntu0.1~esm2
  libprotoc9v5                    2.6.1-1.3ubuntu0.1~esm2
  protobuf-compiler               2.6.1-1.3ubuntu0.1~esm2
  python-protobuf                 2.6.1-1.3ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:
    https://ubuntu.com/security/notices/USN-5769-1
  CVE-2015-5237, CVE-2022-1941