Package "elfutils"
| Name: |
elfutils
|
Description: |
collection of utilities to handle ELF objects
|
| Latest version: |
0.170-0.4ubuntu0.1 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
https://sourceware.org/elfutils/ |
Links
Download "elfutils"
Other versions of "elfutils" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
elfutils (0.170-0.4ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via a crafted file
- debian/patches/CVE-2018-16062.patch: make sure there is enough data
to read full aranges header in libdw/dwarf_getaranges.c,
src/readelf.c.
- CVE-2018-16062
* SECURITY UPDATE: double free and application crash
- debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
libelf/libelf.h.
- CVE-2018-16402
* SECURITY UPDATE: incorrect end of the attributes list check
- debian/patches/CVE-2018-16403.patch: check end of attributes list
consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
- CVE-2018-16403
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18310.patch: sanity check partial core file
data reads in libdwfl/dwfl_segment_report_module.c.
- CVE-2018-18310
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
src/size.c.
- CVE-2018-18520
* SECURITY UPDATE: divide by zero vulnerabilties
- debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
in src/arlib.c.
- CVE-2018-18521
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
src/readelf.c.
- CVE-2019-7149
* SECURITY UPDATE: incorrect truncated dyn data read handling
- debian/patches/CVE-2019-7150.patch: sanity check partial core file
dyn data read in libdwfl/dwfl_segment_report_module.c.
- CVE-2019-7150
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
contain a zero terminated string in libdwfl/linux-core-attach.c,
libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
- CVE-2019-7665
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 11:31:15 -0400
|
| CVE-2018-16062 |
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer |
| CVE-2018-16402 |
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecif |
| CVE-2018-16403 |
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr. |
| CVE-2018-18310 |
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows |
| CVE-2018-18520 |
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar |
| CVE-2018-18521 |
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service ( |
| CVE-2019-7149 |
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cau |
| CVE-2019-7150 |
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segm |
| CVE-2019-7665 |
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can |
|
About
-
Send Feedback to @ubuntu_updates
