Ubuntu alert USN-7629-2 (protobuf)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7629-2] Protocol Buffers vulnerabilities
Date: Thu, 04 Sep 2025 03:31:53 +0000
Message-ID: <E1uu0hV-0000zz-55@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7629-2
September 02, 2025

protobuf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Protocol Buffers could be made to crash if it received specially crafted
input.

Software Description:
- protobuf: protocol buffers data serialization library

Details:

USN-7435-1 and USN-7629-1 fixed vulnerabilities in Protocol Buffers for
several releases of Ubuntu. This update provides the corresponding fixes
for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that Protocol Buffers incorrectly handled memory when
 receiving malicious input using the Python bindings. An attacker could
 possibly use this issue to cause a denial of service. (CVE-2025-4565)

 It was discovered that Protocol Buffers incorrectly handled memory when
 receiving malicious input using the Java bindings. An attacker could
 possibly use this issue to cause a denial of service. This issue only
 affected Ubuntu 25.04. (CVE-2024-7254)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libprotobuf-java   3.6.1.3-2ubuntu5.2+esm2
                     Available with Ubuntu Pro
  python3-protobuf   3.6.1.3-2ubuntu5.2+esm2
                     Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libprotobuf-java   3.0.0-9.1ubuntu1.1+esm3
                     Available with Ubuntu Pro
  python3-protobuf   3.0.0-9.1ubuntu1.1+esm3
                     Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libprotobuf-java   2.6.1-1.3ubuntu0.1~esm4
                     Available with Ubuntu Pro
  python-protobuf    2.6.1-1.3ubuntu0.1~esm4
                     Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7629-2
  https://ubuntu.com/security/notices/USN-7629-1
  CVE-2024-7254, CVE-2025-4565
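The fixed versions above mix `+esm` and `~esm` suffixes, which a plain string comparison orders incorrectly. The following is an added example, not part of Canonical's notice: a Python implementation of Debian version ordering that checks an installed version against the notice's table (the function names are hypothetical, and on a real host `dpkg --compare-versions` is the authoritative comparison).

```python
# Added example: Debian version ordering applied to the USN-7629-2 fixed versions.
FIXED = {  # copied from the notice: release -> binary package -> fixed version
    "20.04": {"libprotobuf-java": "3.6.1.3-2ubuntu5.2+esm2",
              "python3-protobuf": "3.6.1.3-2ubuntu5.2+esm2"},
    "18.04": {"libprotobuf-java": "3.0.0-9.1ubuntu1.1+esm3",
              "python3-protobuf": "3.0.0-9.1ubuntu1.1+esm3"},
    "16.04": {"libprotobuf-java": "2.6.1-1.3ubuntu0.1~esm4",
              "python-protobuf": "2.6.1-1.3ubuntu0.1~esm4"},
}

def _weight(s, k):
    """Sort weight of s[k] in a non-digit run: '~' < end/digit < letters < others."""
    if k >= len(s) or s[k].isdigit():
        return 0
    if s[k] == "~":
        return -1
    return ord(s[k]) if s[k].isalpha() else ord(s[k]) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _weight(a, i) or _weight(b, j):   # non-digit run, char by char
            d = _weight(a, i) - _weight(b, j)
            if d:
                return -1 if d < 0 else 1
            i, j = i + 1, j + 1
        si, sj = i, j                           # digit run, compared numerically
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        d = int(a[si:i] or 0) - int(b[sj:j] or 0)
        if d:
            return -1 if d < 0 else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, package, installed):
    return deb_cmp(installed, FIXED[release][package]) < 0
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' python3-protobuf`.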