Package "libiberty"
Name: |
libiberty
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- library of utility functions used by GNU programs
|
Latest version: |
20160215-1ubuntu0.3 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "libiberty" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
libiberty (20160215-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: stack Exhaustion in C++ demangling
- debian/patches/CVE-2018-9138.patch: limit recusion and add
--no-recruse-limit option to tools that support name demangling.
- debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
testsuite by increasing the recursion limit to 2048.
- CVE-2018-9138
- CVE-2018-12641
- CVE-2018-12697
- CVE-2018-12698
- CVE-2018-17794
- CVE-2018-17985
- CVE-2018-18484
- CVE-2018-18700
- CVE-2018-18701
* SECURITY UPDATE: excessive memory consumption
- debian/patches/CVE-2018-12934.patch: remove support for demangling
GCC 2.x era mangling schemes.
- CVE-2018-12934
- CVE-2018-18483
* SECURITY UPDATE: stack consumption and heap-based buffer over-read
- debian/patches/CVE-2019-907x.patch: reject negative lengths and add
recursion counter.
- CVE-2019-9070
- CVE-2019-9071
* SECURITY UPDATE: integer overflow and heap-based buffer overflow
- debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
- CVE-2019-14250
-- Marc Deslauriers <email address hidden> Wed, 01 Apr 2020 11:39:51 -0400
|
Source diff to previous version |
CVE-2018-9138 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling |
CVE-2018-12641 |
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling |
CVE-2018-12697 |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as |
CVE-2018-12698 |
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka |
CVE-2018-17794 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_ |
CVE-2018-17985 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cp |
CVE-2018-18484 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functio |
CVE-2018-18700 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting |
CVE-2018-18701 |
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting |
CVE-2018-12934 |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OO |
CVE-2018-18483 |
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (ma |
CVE-2019-9070 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c |
CVE-2019-9071 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-dema |
CVE-2019-14250 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a ze |
|
libiberty (20160215-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in string_appends
- debian/patches/CVE-2016-2226.patch: check for overflow in
libiberty/cplus-dem.c.
- CVE-2016-2226
* SECURITY UPDATE: use-after-free vulberabilities
- debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
libiberty/cplus-dem.c, added test to
libiberty/testsuite/demangle-expected.
- CVE-2016-4487
- CVE-2016-4488
* SECURITY UPDATE: integer overflow in gnu_special
- debian/patches/CVE-2016-4489.patch: handle case where consume_count
returns -1 in libiberty/cplus-dem.c.
- CVE-2016-4489
* SECURITY UPDATE: integer overflow after sanity checks
- debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
of long in libiberty/cp-demangle.c, added test to
libiberty/testsuite/demangle-expected.
- CVE-2016-4490
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-4491-1.patch: limit recursion in
include/demangle.h, libiberty/cp-demangle.c, libiberty/cp-demint.c,
added test to libiberty/testsuite/demangle-expected.
- debian/patches/CVE-2016-4491-2.patch: limit more recursion in
libiberty/cp-demangle.c.
- debian/patches/CVE-2016-4491-3.patch: initialize d_printing in
libiberty/cp-demangle.c.
- CVE-2016-4491
* SECURITY UPDATE: buffer overflow in do_type
- debian/patches/CVE-2016-4492_4493.patch: properly handle large values
and overflow in libiberty/cplus-dem.c, added test to
libiberty/testsuite/demangle-expected.
- CVE-2016-4492
- CVE-2016-4493
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
libiberty/cplus-dem.c, added test to
libiberty/testsuite/demangle-expected.
- CVE-2016-6131
-- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 12:43:14 -0400
|
CVE-2016-2226 |
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executabl |
CVE-2016-4487 |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r |
CVE-2016-4488 |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r |
CVE-2016-4489 |
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a c |
CVE-2016-4490 |
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted bina |
CVE-2016-4491 |
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a cra |
CVE-2016-4492 |
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and cras |
CVE-2016-4493 |
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of serv |
CVE-2016-6131 |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the ref |
|
About
-
Send Feedback to @ubuntu_updates