Ubuntu Security Notice 5759-1 - It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code.
0dd1a6726e82d29eb6519819607159abe89fea415bb410c0369a2119b10bab08
=========================================================================
Ubuntu Security Notice USN-5759-1
December 05, 2022
libbpf vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in LibBPF.
Software Description:
- libbpf: eBPF helper library (development files)
Details:
It was discovered that LibBPF incorrectly handled certain memory operations
under certain circumstances. An attacker could possibly use this issue to
cause LibBPF to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 22.10.
(CVE-2021-45940, CVE-2021-45941, CVE-2022-3533)
It was discovered that LibBPF incorrectly handled certain memory operations
under certain circumstances. An attacker could possibly use this issue to
cause LibBPF to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libbpf-dev 1:0.8.0-1ubuntu22.10.1
Ubuntu 22.04 LTS:
libbpf-dev 1:0.5.0-1ubuntu22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5759-1
CVE-2021-45940, CVE-2021-45941, CVE-2022-3533, CVE-2022-3534,
CVE-2022-3606
Package Information:
https://launchpad.net/ubuntu/+source/libbpf/0.8.0-1ubuntu22.10.1
https://launchpad.net/ubuntu/+source/libbpf/0.5.0-1ubuntu22.04.1