Package "valgrind"
| Name: |
valgrind
|
Description: |
instrumentation framework for building dynamic analysis tools
|
| Latest version: |
1:3.11.0-1ubuntu4.2 |
| Release: |
xenial (16.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
http://www.valgrind.org/ |
Links
Download "valgrind"
Other versions of "valgrind" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
|
valgrind (1:3.11.0-1ubuntu4.2) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in string_appends
- debian/patches/CVE-2016-2226.patch: check for overflow in
coregrind/m_demangle/cplus-dem.c, add xmalloc_failed and xmemdup to
coregrind/m_demangle/vg_libciface.h.
- CVE-2016-2226
* SECURITY UPDATE: use-after-free vulnerabilities
- debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4487
- CVE-2016-4488
* SECURITY UPDATE: integer overflow in gnu_special
- debian/patches/CVE-2016-4489.patch: handle case where consume_count
returns -1 in coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4489
* SECURITY UPDATE: integer overflow after sanity checks
- debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
of long in coregrind/m_demangle/cp-demangle.c.
- CVE-2016-4490
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-4491.patch: limit recursion in
coregrind/m_demangle/cp-demangle.c, coregrind/m_demangle/demangle.h.
- CVE-2016-4491
* SECURITY UPDATE: buffer overflow in do_type
- debian/patches/CVE-2016-4492_4493.patch: properly handle large values
and overflow in coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4492
- CVE-2016-4493
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
coregrind/m_demangle/cplus-dem.c, add XDUPVEC to
coregrind/m_demangle/vg_libciface.h.
- CVE-2016-6131
-- Marc Deslauriers <email address hidden> Wed, 07 Jun 2017 15:24:31 -0400
|
| Source diff to previous version |
| CVE-2016-2226 |
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executabl |
| CVE-2016-4487 |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r |
| CVE-2016-4488 |
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, r |
| CVE-2016-4489 |
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a c |
| CVE-2016-4490 |
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted bina |
| CVE-2016-4491 |
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a cra |
| CVE-2016-4492 |
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and cras |
| CVE-2016-4493 |
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of serv |
| CVE-2016-6131 |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the ref |
|
|
valgrind (1:3.11.0-1ubuntu4.1) xenial; urgency=medium
* Recompile to resolve miscompilation on s390x architecture. LP:
#1572613
-- Dimitri John Ledkov <email address hidden> Fri, 20 May 2016 04:31:09 +0100
|
About
-
Send Feedback to @ubuntu_updates
