UbuntuUpdates.org

Package "valgrind"

Name: valgrind

Description:

instrumentation framework for building dynamic analysis tools

Latest version: 1:3.11.0-1ubuntu4.2
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.valgrind.org/

Links


Download "valgrind"


Other versions of "valgrind" in Xenial

Repository Area Version
base main 1:3.11.0-1ubuntu4
updates main 1:3.11.0-1ubuntu4.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:3.11.0-1ubuntu4.2 2017-06-21 18:06:45 UTC

  valgrind (1:3.11.0-1ubuntu4.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in string_appends
    - debian/patches/CVE-2016-2226.patch: check for overflow in
      coregrind/m_demangle/cplus-dem.c, add xmalloc_failed and xmemdup to
      coregrind/m_demangle/vg_libciface.h.
    - CVE-2016-2226
  * SECURITY UPDATE: use-after-free vulnerabilities
    - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
      coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4487
    - CVE-2016-4488
  * SECURITY UPDATE: integer overflow in gnu_special
    - debian/patches/CVE-2016-4489.patch: handle case where consume_count
      returns -1 in coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4489
  * SECURITY UPDATE: integer overflow after sanity checks
    - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
      of long in coregrind/m_demangle/cp-demangle.c.
    - CVE-2016-4490
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-4491.patch: limit recursion in
      coregrind/m_demangle/cp-demangle.c, coregrind/m_demangle/demangle.h.
    - CVE-2016-4491
  * SECURITY UPDATE: buffer overflow in do_type
    - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
      and overflow in coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4492
    - CVE-2016-4493
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
      coregrind/m_demangle/cplus-dem.c, add XDUPVEC to
      coregrind/m_demangle/vg_libciface.h.
    - CVE-2016-6131

 -- Marc Deslauriers <email address hidden> Wed, 07 Jun 2017 15:24:31 -0400

CVE-2016-2226 Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executabl
CVE-2016-4487 Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r
CVE-2016-4488 Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r
CVE-2016-4489 Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a c
CVE-2016-4490 Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted bina
CVE-2016-4491 The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a cra
CVE-2016-4492 Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and cras
CVE-2016-4493 The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of serv
CVE-2016-6131 The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the ref



About   -   Send Feedback to @ubuntu_updates