6a74acb6fb
Fixes the following security issues: CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. For more details, see the announcement: https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html 0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz (no CVEs assigned): https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 lines
497 B
Plaintext
7 lines
497 B
Plaintext
# From https://sourceware.org/elfutils/ftp/0.174/sha512.sum
|
|
sha512 696708309c2a9a076099748809ecdc0490f4a8a842b2efc1aae0d746e7c5a8b203743f5626739eff837216b0c052696516b2821f5d3cc3f2eef86597c96d42df elfutils-0.174.tar.bz2
|
|
# Locally calculated
|
|
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING-GPLV2
|
|
sha256 da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768 COPYING-LGPLV3
|