kumquat-buildroot/package/elfutils
Peter Korsgaard 6a74acb6fb elfutils: security bump to version 0.174
Fixes the following security issues:

CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils
before 2018-08-18 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted file.

CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers
to cause a denial of service (double free and application crash) or possibly
have unspecified other impact because it tries to decompress twice.

CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes
list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr
in dwarf_hasattr.c, leading to a heap-based buffer over-read and an
application crash.

For more details, see the announcement:
https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html

0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz
(no CVEs assigned):
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 09:16:58 +01:00
..
0001-Add-a-enable-disable-progs-configure-option.patch
0002-Add-an-implementation-of-the-fts_-functions.patch
0003-Really-make-Werror-conditional-to-BUILD_WERROR.patch
Config.in
elfutils.hash elfutils: security bump to version 0.174 2018-11-13 09:16:58 +01:00
elfutils.mk elfutils: security bump to version 0.174 2018-11-13 09:16:58 +01:00