UbuntuUpdates.org

Package "libbpf"

Name: libbpf

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • eBPF helper library (development files)
  • eBPF helper library (shared library)

Latest version: 1:0.8.0-1ubuntu22.10.1
Release: kinetic (22.10)
Level: security
Repository: main


Other versions of "libbpf" in Kinetic

Repository Area Version
base main 1:0.8.0-1
updates main 1:0.8.0-1ubuntu22.10.1


Changelog

Version: 1:0.8.0-1ubuntu22.10.1 2022-12-05 11:06:28 UTC

  libbpf (0.8.0-1ubuntu22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: heap overflow vulnerability
    - debian/patches/CVE-2021-45940_45941.patch: Use elf_getshdrnum()
      instead of e_shnum
    - CVE-2021-45940
    - CVE-2021-45941
  * SECURITY UPDATE: memory leak due to argument reg_name
    - debian/patches/CVE-2022-3533.patch: Fix memory leak in
      parse_usdt_arg()
    - CVE-2022-3533
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-3534.patch: Fix use-after-free in
      btf_dump_name_dups
    - CVE-2022-3534
  * SECURITY UPDATE: null pointer dereference vulnerability
    - debian/patches/CVE-2022-3606.patch: Fix null-pointer dereference in
      find_prog_by_sec_insn()
    - CVE-2022-3606

 -- Nishit Majithia <email address hidden> Thu, 01 Dec 2022 15:24:36 +0530

CVE-2021-45940 libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
CVE-2021-45941 libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
CVE-2022-3533 A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf
CVE-2022-3534 A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump
CVE-2022-3606 A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/l


