Package "elfutils"
Name: elfutils
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- libasm development libraries and header files
- library with a programmable assembler interface
- libdw1 development libraries and header files
- library that provides access to the DWARF debug information
Latest version: 0.158-0ubuntu5.3
Release: trusty (14.04)
Level: updates
Repository: main
Changelog
elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
an ELF file for sanity checks. Based on upstream patch.
- CVE-2016-10254
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
trying to malloc and read data. Based on upstream patch.
- CVE-2016-10255
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
before processing. Based on upstream patch.
- debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
handle_gnu_hash. Based on upstream patch.
- CVE-2017-7607
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7608.patch: Use the empty string for note names
with zero size. Based on upstream patch.
- CVE-2017-7608
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7610.patch: Don't check section group without
flags word. Based on upstream patch.
- CVE-2017-7610
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7611.patch: Check symbol table data is big
enough before checking. Based on upstream patch.
- CVE-2017-7611
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
hash sections. Based on upstream patch.
- CVE-2017-7612
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
shdrs available. Based on upstream patch.
- CVE-2017-7613
-- Tyler Hicks <email address hidden> Wed, 17 May 2017 23:27:15 +0000
CVE-2016-10254
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, w
CVE-2016-10255
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a
CVE-2017-7607
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and app
CVE-2017-7608
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buf
CVE-2017-7610
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and applica
CVE-2017-7611
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and
CVE-2017-7612
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and app
CVE-2017-7613
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of s
elfutils (0.158-0ubuntu5.2) trusty-security; urgency=medium
* SECURITY UPDATE: Directory traversal via crafted ar archive
- debian/patches/CVE-2014-9447.patch: Prevent root directory traversal
while extracting ar archives
- CVE-2014-9447
-- Tyler Hicks <email address hidden> Tue, 20 Jan 2015 15:22:53 -0600
CVE-2014-9447
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write
elfutils (0.158-0ubuntu5.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution in libdw
via malicious ELF file
- debian/patches/CVE-2014-0172.patch: check for overflow in
libdw/dwarf_begin_elf.c.
- CVE-2014-0172
-- Marc Deslauriers <email address hidden> Tue, 15 Apr 2014 14:39:39 -0400
CVE-2014-0172
Integer overflow in the check_section function in dwarf_begin_elf.c in ...