UbuntuUpdates.org

Package "elfutils"

Name: elfutils

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • libasm development libraries and header files
  • library with a programmable assembler interface
  • libdw1 development libraries and header files
  • library that provides access to the DWARF debug information

Latest version: 0.158-0ubuntu5.3
Release: trusty (14.04)
Level: security
Repository: main


Other versions of "elfutils" in Trusty

Repository  Area      Version
base        main      0.158-0ubuntu5
base        universe  0.158-0ubuntu5
security    universe  0.158-0ubuntu5.3
updates     universe  0.158-0ubuntu5.3
updates     main      0.158-0ubuntu5.3


Changelog

Version: 0.158-0ubuntu5.3 2018-06-05 16:07:28 UTC

  elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
      an ELF file for sanity checks. Based on upstream patch.
    - CVE-2016-10254
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
      trying to malloc and read data. Based on upstream patch.
    - CVE-2016-10255
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
      before processing. Based on upstream patch.
    - debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
      handle_gnu_hash. Based on upstream patch.
    - CVE-2017-7607
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7608.patch: Use the empty string for note names
      with zero size. Based on upstream patch.
    - CVE-2017-7608
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7610.patch: Don't check section group without
      flags word. Based on upstream patch.
    - CVE-2017-7610
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7611.patch: Check symbol table data is big
      enough before checking. Based on upstream patch.
    - CVE-2017-7611
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
      hash sections. Based on upstream patch.
    - CVE-2017-7612
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
      shdrs available. Based on upstream patch.
    - CVE-2017-7613

 -- Tyler Hicks <email address hidden> Wed, 17 May 2017 23:27:15 +0000

CVE-2016-10254 The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, w
CVE-2016-10255 The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a
CVE-2017-7607 The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and app
CVE-2017-7608 The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buf
CVE-2017-7610 The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and applica
CVE-2017-7611 The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and
CVE-2017-7612 The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and app
CVE-2017-7613 elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of s

Version: 0.158-0ubuntu5.2 2015-01-23 02:07:13 UTC

  elfutils (0.158-0ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via crafted ar archive
    - debian/patches/CVE-2014-9447.patch: Prevent root directory traversal
      while extracting ar archives
    - CVE-2014-9447
 -- Tyler Hicks <email address hidden> Tue, 20 Jan 2015 15:22:53 -0600

CVE-2014-9447 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write

Version: 0.158-0ubuntu5.1 2014-04-30 15:07:22 UTC

  elfutils (0.158-0ubuntu5.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution in libdw
    via malicious ELF file
    - debian/patches/CVE-2014-0172.patch: check for overflow in
      libdw/dwarf_begin_elf.c.
    - CVE-2014-0172
 -- Marc Deslauriers <email address hidden> Tue, 15 Apr 2014 14:39:39 -0400

CVE-2014-0172 Integer overflow in the check_section function in dwarf_begin_elf.c in ...


