Your message dated Fri, 25 Apr 2025 19:35:18 +0000
with message-id <e1u8ops-00647p...@fasolo.debian.org>
and subject line Bug#1102672: fixed in libbpf 1.5.0-3
has caused the Debian Bug report #1102672,
regarding libbpf: CVE-2025-29481
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1102672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libbpf
Version: 1.5.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libbpf/libbpf/issues/898
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libbpf.
CVE-2025-29481[0]:
| Buffer Overflow vulnerability in libbpf 1.5.0 allows a local
| attacker to execute arbitrary code via the bpf_object__init_prog
| function of libbpf.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-29481
https://www.cve.org/CVERecord?id=CVE-2025-29481
[1] https://github.com/libbpf/libbpf/issues/898
[2] https://lore.kernel.org/bpf/20250410095517.141271-1-vma...@redhat.com/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libbpf
Source-Version: 1.5.0-3
Done: Sudip Mukherjee <sudipm.mukher...@gmail.com>
We believe that the bug you reported is fixed in the latest version of
libbpf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1102...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sudip Mukherjee <sudipm.mukher...@gmail.com> (supplier of updated libbpf
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Apr 2025 19:49:15 +0100
Source: libbpf
Architecture: source
Version: 1.5.0-3
Distribution: unstable
Urgency: medium
Maintainer: Sudip Mukherjee <sudipm.mukher...@gmail.com>
Changed-By: Sudip Mukherjee <sudipm.mukher...@gmail.com>
Closes: 1102672
Changes:
 libbpf (1.5.0-3) unstable; urgency=medium
 .
   * CVE-2025-29481:
     - Fix buffer overflow in bpf_object__init_prog. (Closes: #1102672)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---