Ubuntu alert USN-7629-2 (protobuf)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7629-2] Protocol Buffers vulnerabilities
Date: Tue, 02 Sep 2025 23:18:44 +0000
Message-ID: <E1utaGy-0003X8-EZ@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7629-2
September 02, 2025

protobuf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Protocol Buffers could be made to crash if it received specially crafted
input.

Software Description:
- protobuf: protocol buffers data serialization library

Details:

USN-7435-1 and USN-7629-1 fixed vulnerabilities in Protocol Buffers for
several releases of Ubuntu. This update provides the corresponding fixes
for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that Protocol Buffers incorrectly handled memory when
 receiving malicious input using the Python bindings. An attacker could
 possibly use this issue to cause a denial of service. (CVE-2025-4565)

 It was discovered that Protocol Buffers incorrectly handled memory when
 receiving malicious input using the Java bindings. An attacker could
 possibly use this issue to cause a denial of service. This issue only
 affected Ubuntu 25.04. (CVE-2024-7254)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libprotobuf-java                3.6.1.3-2ubuntu5.2+esm2
                                  Available with Ubuntu Pro
  python3-protobuf                3.6.1.3-2ubuntu5.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libprotobuf-java                3.0.0-9.1ubuntu1.1+esm3
                                  Available with Ubuntu Pro
  python3-protobuf                3.0.0-9.1ubuntu1.1+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libprotobuf-java                2.6.1-1.3ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  python-protobuf                 2.6.1-1.3ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7629-2
  https://ubuntu.com/security/notices/USN-7629-1
  CVE-2024-7254, CVE-2025-4565
Attachment: signature.asc (type=application/pgp-signature)
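An added example, not part of Canonical's notice: a Python check that compares installed package versions with the fixed versions listed under "Update instructions", using dpkg's version ordering (needed here because the 16.04 versions contain `~`, which sorts before everything, including the end of the string). The function names and any installed versions passed in are assumptions made for illustration.

```python
import re

# Fixed versions copied from the "Update instructions" of USN-7629-2.
FIXED = {
    "20.04": {"libprotobuf-java": "3.6.1.3-2ubuntu5.2+esm2",
              "python3-protobuf": "3.6.1.3-2ubuntu5.2+esm2"},
    "18.04": {"libprotobuf-java": "3.0.0-9.1ubuntu1.1+esm3",
              "python3-protobuf": "3.0.0-9.1ubuntu1.1+esm3"},
    "16.04": {"libprotobuf-java": "2.6.1-1.3ubuntu0.1~esm4",
              "python-protobuf": "2.6.1-1.3ubuntu0.1~esm4"},
}

def _order(s, i):
    """dpkg sort weight of s[i] inside a non-digit run."""
    if i >= len(s) or s[i].isdigit():
        return 0                      # end of string or start of a number
    if s[i] == "~":
        return -1                     # tilde sorts before everything
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings, alternating text and numbers."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a, i) or _order(b, j):          # non-digit run
            x, y = _order(a, i), _order(b, j)
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        m, n = re.match(r"\d*", a[i:]), re.match(r"\d*", b[j:])
        x, y = int(m.group() or 0), int(n.group() or 0)  # numeric run
        if x != y:
            return -1 if x < y else 1
        i, j = i + m.end(), j + n.end()
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision] into its three fields."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, installed):
    """Packages in `installed` (name -> version) still below the fixed version."""
    return sorted(p for p, fixed in FIXED[release].items()
                  if p in installed and deb_cmp(installed[p], fixed) < 0)
```

On a host, the `installed` mapping can be built from the output of `dpkg-query -W -f='${Package} ${Version}\n'`.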