|
|
Subscribe / Log in / New account

Debian alert DLA-4137-1 (libbpf)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4137-1] libbpf security update


Date:
              Thu, 24 Apr 2025 23:04:23 +0300


Message-ID:
              <aAqZR7nggEdW8bJT@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4137-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 24, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libbpf
Version        : 0.3-2+deb11u1
CVE ID         : CVE-2022-3534 CVE-2022-3606
Debian Bug     : 1023717

Two vulnerabilities have been fixed in libbpf, a library for interacting 
with eBPF in the Linux kernel.

CVE-2022-3534

    use-after-free in btf_dump_name_dups()

CVE-2022-3606

    null-pointer dereference in find_prog_by_sec_insn()

For Debian 11 bullseye, these problems have been fixed in version
0.3-2+deb11u1.

We recommend that you upgrade your libbpf packages.

For the detailed security status of libbpf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libbpf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmgKmUAACgkQiNJCh6LY
mLFMDg/+M0gB0aGXtxiybiW7PcSC8O57BmupKdf1ZG0FZXNQIvIputRqjA5g7TjK
CUIEq7kVrkEFLcRbTJdrVNgDzZseDRsK83pmWZBvdMVJPBd9qefVvX6BttFmNcbx
5P6gi6jtg9AkW1Qiq79b04ezbLkJ6uAAk1x5RPY2xGIitWFxexuydlRhEciTyMBu
yyTUrcqO3OU1nQwQWJNoGsl6zhfsRjv4449+k3hpssWvoIF3u915CIPVzrFEGYBM
GHi5I5+YjqFuvl1FHiguYcfNdo/cyMFRc+hjjJ67rZAPu4N34ol2QPQpn5/UCfqM
oWdAODJ6h8IV8rIAibcHcmy5oaL4wWiZnegUClez9GgYdh3iYWLQipa1U/cphBhR
AXy33BCMbvlWrLXXqfE+PwwyChUeDctMzUvZ/rSJPB837wzZaxgxEI9FOh32U/r4
urv7pRK4wbrgTeBabv93/saPBkk45gQ9Vjn/nH3VLhaPhqrxoqkeNBASL5sPd/tS
yqszXd4J46l+8aGy47SFP5Bz9mQdTd+aYDgyb1N/V853np995nA6g43Cz/7D34O/
85TLS3jFHvUaLYngKxO6hcOEiNzhGssnVCJIcQ8csWXVbNuEQbHXFBaheCZHjn5k
X7LIEUiL02mYIYJSWZt0wKwf6y/pzkXayVFMcM2RULTa2TgpNoI=
=kA+j
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds