USN-5490-1: Protocol Buffers vulnerability
21 June 2022
Protocol Buffers could be made to crash if it received specially crafted input.
Releases
Packages
- protobuf - protocol buffers C++ library (development files)
Details
It was discovered that Protocol Buffers did not properly parse certain symbols.
An attacker could possibly use this issue to cause a denial of service or other
unspecified impact.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libprotoc9v5
-
2.6.1-1.3ubuntu0.1~esm1
Available with Ubuntu Pro
-
libprotobuf-lite9v5
-
2.6.1-1.3ubuntu0.1~esm1
Available with Ubuntu Pro
-
libprotobuf9v5
-
2.6.1-1.3ubuntu0.1~esm1
Available with Ubuntu Pro
-
protobuf-compiler
-
2.6.1-1.3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5945-1: elpa-protobuf-mode, libprotobuf-dev, libprotobuf-lite8, libprotobuf-lite17, libprotoc8, protobuf, python-protobuf, libprotobuf17, libprotoc10, python3-protobuf, libprotobuf-lite23, libprotoc-dev, protobuf-compiler, libprotobuf-lite10, libprotobuf8, libprotoc17, libprotobuf23, ruby-google-protobuf, libprotobuf10, libprotoc23, libprotobuf-java