[USN-6258-1] LLVM Toolchain vulnerabilities
Nishit Majithia
nishit.majithia at canonical.com
Thu Jul 27 09:51:25 UTC 2023
==========================================================================
Ubuntu Security Notice USN-6258-1
July 27, 2023
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in LLVM Toolchain.

Software Description:
- llvm-toolchain-13: C, C++ and Objective-C compiler
- llvm-toolchain-14: C, C++ and Objective-C compiler
- llvm-toolchain-15: C, C++ and Objective-C compiler

Details:

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  llvm-13          1:13.0.1-11ubuntu14.1
  llvm-13-tools    1:13.0.1-11ubuntu14.1
  llvm-14          1:14.0.6-12ubuntu0.23.04.1
  llvm-14-tools    1:14.0.6-12ubuntu0.23.04.1
  llvm-15          1:15.0.7-3ubuntu0.23.04.1
  llvm-15-tools    1:15.0.7-3ubuntu0.23.04.1
  mlir-13-tools    1:13.0.1-11ubuntu14.1
  mlir-14-tools    1:14.0.6-12ubuntu0.23.04.1
  mlir-15-tools    1:15.0.7-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  llvm-13          1:13.0.1-2ubuntu2.2
  llvm-13-tools    1:13.0.1-2ubuntu2.2
  llvm-14          1:14.0.0-1ubuntu1.1
  llvm-14-tools    1:14.0.0-1ubuntu1.1
  llvm-15          1:15.0.7-0ubuntu0.22.04.3
  llvm-15-tools    1:15.0.7-0ubuntu0.22.04.3
  mlir-13-tools    1:13.0.1-2ubuntu2.2
  mlir-14-tools    1:14.0.0-1ubuntu1.1
  mlir-15-tools    1:15.0.7-0ubuntu0.22.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6258-1
  CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939

Package Information:
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3