[SECURITY] [DLA 4137-1] libbpf security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4137-1] libbpf security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 24 Apr 2025 23:04:23 +0300
Message-id: <[🔎] aAqZR7nggEdW8bJT@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4137-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 24, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libbpf
Version        : 0.3-2+deb11u1
CVE ID         : CVE-2022-3534 CVE-2022-3606
Debian Bug     : 1023717

Two vulnerabilities have been fixed in libbpf, a library for interacting 
with eBPF in the Linux kernel.

CVE-2022-3534

    use-after-free in btf_dump_name_dups()

CVE-2022-3606

    null-pointer dereference in find_prog_by_sec_insn()

For Debian 11 bullseye, these problems have been fixed in version
0.3-2+deb11u1.

We recommend that you upgrade your libbpf packages.

For the detailed security status of libbpf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libbpf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmgKmUAACgkQiNJCh6LY
mLFMDg/+M0gB0aGXtxiybiW7PcSC8O57BmupKdf1ZG0FZXNQIvIputRqjA5g7TjK
CUIEq7kVrkEFLcRbTJdrVNgDzZseDRsK83pmWZBvdMVJPBd9qefVvX6BttFmNcbx
5P6gi6jtg9AkW1Qiq79b04ezbLkJ6uAAk1x5RPY2xGIitWFxexuydlRhEciTyMBu
yyTUrcqO3OU1nQwQWJNoGsl6zhfsRjv4449+k3hpssWvoIF3u915CIPVzrFEGYBM
GHi5I5+YjqFuvl1FHiguYcfNdo/cyMFRc+hjjJ67rZAPu4N34ol2QPQpn5/UCfqM
oWdAODJ6h8IV8rIAibcHcmy5oaL4wWiZnegUClez9GgYdh3iYWLQipa1U/cphBhR
AXy33BCMbvlWrLXXqfE+PwwyChUeDctMzUvZ/rSJPB837wzZaxgxEI9FOh32U/r4
urv7pRK4wbrgTeBabv93/saPBkk45gQ9Vjn/nH3VLhaPhqrxoqkeNBASL5sPd/tS
yqszXd4J46l+8aGy47SFP5Bz9mQdTd+aYDgyb1N/V853np995nA6g43Cz/7D34O/
85TLS3jFHvUaLYngKxO6hcOEiNzhGssnVCJIcQ8csWXVbNuEQbHXFBaheCZHjn5k
X7LIEUiL02mYIYJSWZt0wKwf6y/pzkXayVFMcM2RULTa2TgpNoI=
=kA+j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4136-1] openrazer security update
Next by Date: [SECURITY] [DLA 4138-1] distro-info-data database update
Previous by thread: [SECURITY] [DLA 4136-1] openrazer security update
Next by thread: [SECURITY] [DLA 4138-1] distro-info-data database update
Index(es):
- Date
- Thread