UbuntuUpdates.org

Package "libprotobuf23"

Name: libprotobuf23

Description:

protocol buffers C++ library

Latest version: 3.12.4-1ubuntu7.22.04.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: protobuf
Homepage: https://github.com/google/protobuf/

Links


Download "libprotobuf23"


Other versions of "libprotobuf23" in Jammy

Repository Area Version
base main 3.12.4-1ubuntu7
updates main 3.12.4-1ubuntu7.22.04.1

Changelog

Version: 3.12.4-1ubuntu7.22.04.1 2023-03-13 07:06:58 UTC

  protobuf (3.12.4-1ubuntu7.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS in protobuf-java parser
    - debian/patches/CVE-2021-22569.patch: Improve performance of parsing
      unknown fields in Java
    - CVE-2021-22569
  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-22570.patch: fix null pointer dereference
    - CVE-2021-22570
  * SECURITY UPDATE: Dos vulnerability in cpp and python parser
    - debian/patches/CVE-2022-1941.patch: fix parsing vulnerability for the
      MessageSet type
    - CVE-2022-1941

 -- Nishit Majithia <email address hidden> Thu, 09 Mar 2023 15:05:50 +0530

CVE-2021-22569 An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order.
CVE-2021-22570 Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file
CVE-2022-1941 A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.2



About   -   Send Feedback to @ubuntu_updates