Headline
Ubuntu Security Notice USN-6258-1
Ubuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.
==========================================================================
Ubuntu Security Notice USN-6258-1
July 27, 2023

llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in LLVM Toolchain.

Software Description:
- llvm-toolchain-13: C, C++ and Objective-C compiler
- llvm-toolchain-14: C, C++ and Objective-C compiler
- llvm-toolchain-15: C, C++ and Objective-C compiler

Details:

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)

It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  llvm-13 1:13.0.1-11ubuntu14.1
  llvm-13-tools 1:13.0.1-11ubuntu14.1
  llvm-14 1:14.0.6-12ubuntu0.23.04.1
  llvm-14-tools 1:14.0.6-12ubuntu0.23.04.1
  llvm-15 1:15.0.7-3ubuntu0.23.04.1
  llvm-15-tools 1:15.0.7-3ubuntu0.23.04.1
  mlir-13-tools 1:13.0.1-11ubuntu14.1
  mlir-14-tools 1:14.0.6-12ubuntu0.23.04.1
  mlir-15-tools 1:15.0.7-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  llvm-13 1:13.0.1-2ubuntu2.2
  llvm-13-tools 1:13.0.1-2ubuntu2.2
  llvm-14 1:14.0.0-1ubuntu1.1
  llvm-14-tools 1:14.0.0-1ubuntu1.1
  llvm-15 1:15.0.7-0ubuntu0.22.04.3
  llvm-15-tools 1:15.0.7-0ubuntu0.22.04.3
  mlir-13-tools 1:13.0.1-2ubuntu2.2
  mlir-14-tools 1:14.0.0-1ubuntu1.1
  mlir-15-tools 1:15.0.7-0ubuntu0.22.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6258-1
  CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939

Package Information:
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-11ubuntu14.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.6-12ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-3ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-13/1:13.0.1-2ubuntu2.2
  https://launchpad.net/ubuntu/+source/llvm-toolchain-14/1:14.0.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/llvm-toolchain-15/1:15.0.7-0ubuntu0.22.04.3
Related news
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.