Moderate: protobuf-c security update

🗓️ 14 Nov 2023 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 29 Views

Security update for protobuf-c package with unsigned integer overflow fix in parse_required_membe

Reporter	Title	Published	Views	Family All 121
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to protobuf-c Integer Overflow or Wraparound vulnerabilitiy [ CVE-2022-48468]	5 Feb 202419:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms	1 Mar 202405:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Workload Automation affected by multiple vulnerabilities in RHEL (CVE-2023-32681, CVE-2022-48468)	16 Feb 202418:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NPS.	26 May 202606:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	16 Oct 202422:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.	16 Jan 202419:45	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service	24 Feb 202523:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in protobuf-c affects IBM Netezza Appliance	13 Jan 202607:39	–	ibm
Tenable Nessus	Amazon Linux 2 : protobuf-c (ALAS-2023-2142)	20 Jul 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0004: protobuf-c (ALINUX3-SA-2024:0004)	14 May 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	8	i686	protobuf-c	1.3.0-8.el8	protobuf-c-1.3.0-8.el8.i686.rpm
almalinux	8	i686	protobuf-c-devel	1.3.0-8.el8	protobuf-c-devel-1.3.0-8.el8.i686.rpm
almalinux	8	i686	protobuf-c-compiler	1.3.0-8.el8	protobuf-c-compiler-1.3.0-8.el8.i686.rpm
almalinux	8	x86_64	protobuf-c	1.3.0-8.el8	protobuf-c-1.3.0-8.el8.x86_64.rpm
almalinux	8	x86_64	protobuf-c-devel	1.3.0-8.el8	protobuf-c-devel-1.3.0-8.el8.x86_64.rpm
almalinux	8	x86_64	protobuf-c-compiler	1.3.0-8.el8	protobuf-c-compiler-1.3.0-8.el8.x86_64.rpm
almalinux	8	aarch64	protobuf-c-compiler	1.3.0-8.el8	protobuf-c-compiler-1.3.0-8.el8.aarch64.rpm
almalinux	8	aarch64	protobuf-c	1.3.0-8.el8	protobuf-c-1.3.0-8.el8.aarch64.rpm
almalinux	8	aarch64	protobuf-c-devel	1.3.0-8.el8	protobuf-c-devel-1.3.0-8.el8.aarch64.rpm
almalinux	8	ppc64le	protobuf-c	1.3.0-8.el8	protobuf-c-1.3.0-8.el8.ppc64le.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2023:6944
access	www.access.redhat.com/security/cve/CVE-2022-48468
bugzilla	www.bugzilla.redhat.com/2186673
errata	www.errata.almalinux.org/8/ALSA-2023-6944.html

23 Nov 2023 10:20Current

7.2High risk

Vulners AI Score7.2

CVSS 3.15.5

EPSS0.00366

SSVC

protobuf-c security update integer overflow cve-2022-48468 c bindings protocol buffers almalinux release notes