Ubuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.
15c885edb7e0ba7f4983c7a40211df4b440b82848835df91fc7c1e82a2b8501a==========================================================================
Ubuntu Security Notice USN-6258-1
July 27, 2023
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in LLVM Toolchain.
Software Description:
- llvm-toolchain-13: C, C++ and Objective-C compiler
- llvm-toolchain-14: C, C++ and Objective-C compiler
- llvm-toolchain-15: C, C++ and Objective-C compiler
Details:
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
llvm-13 1:13.0.1-11ubuntu14.1
llvm-13-tools 1:13.0.1-11ubuntu14.1
llvm-14 1:14.0.6-12ubuntu0.23.04.1
llvm-14-tools 1:14.0.6-12ubuntu0.23.04.1
llvm-15 1:15.0.7-3ubuntu0.23.04.1
llvm-15-tools 1:15.0.7-3ubuntu0.23.04.1
mlir-13-tools 1:13.0.1-11ubuntu14.1
mlir-14-tools 1:14.0.6-12ubuntu0.23.04.1
mlir-15-tools 1:15.0.7-3ubuntu0.23.04.1
Ubuntu 22.04 LTS:
llvm-13 1:13.0.1-2ubuntu2.2
llvm-13-tools 1:13.0.1-2ubuntu2.2
llvm-14 1:14.0.0-1ubuntu1.1
llvm-14-tools 1:14.0.0-1ubuntu1.1
llvm-15 1:15.0.7-0ubuntu0.22.04.3
llvm-15-tools 1:15.0.7-0ubuntu0.22.04.3
mlir-13-tools 1:13.0.1-2ubuntu2.2
mlir-14-tools 1:14.0.0-1ubuntu1.1
mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6258-1
CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939
Package Information:
https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1
https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2
https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed