-
elfutils (0.165-3ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via a crafted file
- debian/patches/CVE-2018-16062.patch: make sure there is enough data
to read full aranges header in libdw/dwarf_getaranges.c,
src/readelf.c.
- CVE-2018-16062
* SECURITY UPDATE: double free and application crash
- debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
libelf/libelf.h.
- CVE-2018-16402
* SECURITY UPDATE: incorrect end of the attributes list check
- debian/patches/CVE-2018-16403.patch: check end of attributes list
consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
- CVE-2018-16403
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18310.patch: sanity check partial core file
data reads in libdwfl/dwfl_segment_report_module.c.
- CVE-2018-18310
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
src/size.c.
- CVE-2018-18520
* SECURITY UPDATE: divide by zero vulnerabilties
- debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
in src/arlib.c.
- CVE-2018-18521
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
src/readelf.c.
- CVE-2019-7149
* SECURITY UPDATE: incorrect truncated dyn data read handling
- debian/patches/CVE-2019-7150.patch: sanity check partial core file
dyn data read in libdwfl/dwfl_segment_report_module.c.
- CVE-2019-7150
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
contain a zero terminated string in libdwfl/linux-core-attach.c,
libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
- CVE-2019-7665
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 12:37:02 -0400
-
elfutils (0.165-3ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
an ELF file for sanity checks. Based on upstream patch.
- CVE-2016-10254
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
trying to malloc and read data. Based on upstream patch.
- CVE-2016-10255
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7607.patch: Fix off by one sanity check in
handle_gnu_hash. Based on upstream patch.
- CVE-2017-7607
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7608.patch: Use the empty string for note names
with zero size. Based on upstream patch.
- CVE-2017-7608
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7609.patch: Check compression ratio before
trying to allocate output buffer. Based on upstream patch.
- CVE-2017-7609
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7610.patch: Don't check section group without
flags word. Based on upstream patch.
- CVE-2017-7610
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7611.patch: Check symbol table data is big
enough before checking. Based on upstream patch.
- CVE-2017-7611
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
hash sections. Based on upstream patch.
- CVE-2017-7612
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
shdrs available. Based on upstream patch.
- CVE-2017-7613
-- Tyler Hicks <email address hidden> Wed, 17 May 2017 23:27:15 +0000
-
elfutils (0.165-3ubuntu1) xenial; urgency=medium
* Fix finding the debug info for Ubuntu kernels (Mark Wielaard). LP: #1537125.
-- Matthias Klose <email address hidden> Fri, 19 Feb 2016 16:57:49 +0100
-
elfutils (0.165-3) unstable; urgency=medium
* Add patches from Mark Wielaard to fix non-Linux issues.
-- Kurt Roeckx <email address hidden> Sat, 16 Jan 2016 17:53:34 +0100
-
elfutils (0.165-2) unstable; urgency=medium
* Make the new libelf.h work with older elf.h from glibc (Closes: #810885)
-- Kurt Roeckx <email address hidden> Wed, 13 Jan 2016 17:50:08 +0100
-
elfutils (0.165-1) unstable; urgency=medium
* New upstream release
* Install libelf.pc and libdw.pc file.
* Update libelf1.symbols and libdw1.symbols with 0.165 version
-- Kurt Roeckx <email address hidden> Mon, 11 Jan 2016 21:28:32 +0100
-
elfutils (0.164-1) unstable; urgency=medium
* New upstream release
- Fixes sparc64 issues (Closes: #805630)
- Drop patches applied upstream: 0001-Reduce-scope-of-some-includes.patch,
0002-tests-Mark-an-unused-argument-as-such.patch,
0003-tests-dwfl-bug-fd-leak-Guard-against-null-module-add.patch,
0004-tests-skip-run-deleted.sh-when-dwfl_linux_proc_attac.patch,
pr18792.diff
- Remove redhat-portability.diff and scanf-format.patch
- Update backend to use to stop using the old-style function
definition: hppa_backend.diff, m68k_backend.diff, mips_backend.diff
-- Kurt Roeckx <email address hidden> Sat, 26 Dec 2015 20:55:48 +0100
-
elfutils (0.163-5.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix finding the detached debug info when no build-id's are used.
Closes: #795386.
-- Matthias Klose <email address hidden> Fri, 14 Aug 2015 12:25:05 +0200
-
elfutils (0.163-4ubuntu1) wily; urgency=medium
* Disable the 0003-Add-mips-n64-relocation-format-hack patch (thanks
to Mark Wielaard). See #794488.
-- Matthias Klose <email address hidden> Sat, 08 Aug 2015 12:04:39 +0200