[ubuntu/lunar-proposed] libbpf 1.0.1-2ubuntu1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Wed Dec 7 00:14:14 UTC 2022 

libbpf (1.0.1-2ubuntu1) lunar; urgency=medium

  * SECURITY UPDATE: heap overflow vulnerability
    - debian/patches/CVE-2021-45940_45941.patch: Use elf_getshdrnum()
      instead of e_shnum
    - CVE-2021-45940
    - CVE-2021-45941
  * SECURITY UPDATE: memory leak due to argument reg_name
    - debian/patches/CVE-2022-3533.patch: Fix memory leak in
      parse_usdt_arg()
    - CVE-2022-3533
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-3534.patch: Fix use-after-free in
      btf_dump_name_dups
    - CVE-2022-3534
  * SECURITY UPDATE: null pointer dereference vulnerability
    - debian/patches/CVE-2022-3606.patch: Fix null-pointer dereference in
      find_prog_by_sec_insn()
    - CVE-2022-3606

Date: Thu, 01 Dec 2022 15:29:38 +0530
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/libbpf/1.0.1-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Dec 2022 15:29:38 +0530
Source: libbpf
Built-For-Profiles: noudeb
Architecture: source
Version: 1.0.1-2ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Changes:
 libbpf (1.0.1-2ubuntu1) lunar; urgency=medium
 .
   * SECURITY UPDATE: heap overflow vulnerability
     - debian/patches/CVE-2021-45940_45941.patch: Use elf_getshdrnum()
       instead of e_shnum
     - CVE-2021-45940
     - CVE-2021-45941
   * SECURITY UPDATE: memory leak due to argument reg_name
     - debian/patches/CVE-2022-3533.patch: Fix memory leak in
       parse_usdt_arg()
     - CVE-2022-3533
   * SECURITY UPDATE: use-after-free vulnerability
     - debian/patches/CVE-2022-3534.patch: Fix use-after-free in
       btf_dump_name_dups
     - CVE-2022-3534
   * SECURITY UPDATE: null pointer dereference vulnerability
     - debian/patches/CVE-2022-3606.patch: Fix null-pointer dereference in
       find_prog_by_sec_insn()
     - CVE-2022-3606
Checksums-Sha1:
 fcfe4e950f1d77c62cdbfe9ab8ee3d45f1e0f902 1688 libbpf_1.0.1-2ubuntu1.dsc
 498a2c2b3595ef47a3617193d01a4a0107d1b598 10836 libbpf_1.0.1-2ubuntu1.debian.tar.xz
 527f1a7f445d6c593feba868c4d08411e906186f 5971 libbpf_1.0.1-2ubuntu1_source.buildinfo
Checksums-Sha256:
 84dce12eae1b5a648bf65f117613b254ade2371bf43f70331337ba36db191cf6 1688 libbpf_1.0.1-2ubuntu1.dsc
 8818f2f9f8eb4ddbe7043cc130f15b9d1274441de63134d7b0d31f905bea7fcc 10836 libbpf_1.0.1-2ubuntu1.debian.tar.xz
 7951c3365e956b8de27241bdc17ff148321ec6048acec6cc131b3fd937e40d45 5971 libbpf_1.0.1-2ubuntu1_source.buildinfo
Files:
 d404e889f18805d55c5305129a3f3485 1688 libs optional libbpf_1.0.1-2ubuntu1.dsc
 c5bfceaa8c7c951089939348e51db40f 10836 libs optional libbpf_1.0.1-2ubuntu1.debian.tar.xz
 509f2b0d9ed94ad86e105d61890d6cc8 5971 libs optional libbpf_1.0.1-2ubuntu1_source.buildinfo
Original-Maintainer: Sudip Mukherjee <sudipm.mukherjee at gmail.com>

More information about the lunar-changes mailing list