6a74acb6fb
Fixes the following security issues: CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. For more details, see the announcement: https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html 0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz (no CVEs assigned): https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-Add-a-enable-disable-progs-configure-option.patch | ||
| 0002-Add-an-implementation-of-the-fts_-functions.patch | ||
| 0003-Really-make-Werror-conditional-to-BUILD_WERROR.patch | ||
| Config.in | ||
| elfutils.hash | ||
| elfutils.mk | ||