Publishing details
Changelog
elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
an ELF file for sanity checks. Based on upstream patch.
- CVE-2016-10254
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
trying to malloc and read data. Based on upstream patch.
- CVE-2016-10255
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
before processing. Based on upstream patch.
- debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
handle_gnu_hash. Based on upstream patch.
- CVE-2017-7607
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7608.patch: Use the empty string for note names
with zero size. Based on upstream patch.
- CVE-2017-7608
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7610.patch: Don't check section group without
flags word. Based on upstream patch.
- CVE-2017-7610
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7611.patch: Check symbol table data is big
enough before checking. Based on upstream patch.
- CVE-2017-7611
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
hash sections. Based on upstream patch.
- CVE-2017-7612
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
shdrs available. Based on upstream patch.
- CVE-2017-7613
-- Tyler Hicks <email address hidden> Wed, 17 May 2017 23:27:15 +0000
Builds
Built packages
-
elfutils
collection of utilities to handle ELF objects
-
elfutils-dbgsym
debug symbols for package elfutils
-
libasm-dev
libasm development libraries and header files
-
libasm1
library with a programmable assembler interface
-
libasm1-dbgsym
debug symbols for package libasm1
-
libdw-dev
libdw1 development libraries and header files
-
libdw1
library that provides access to the DWARF debug information
-
libdw1-dbgsym
debug symbols for package libdw1
-
libelf-dev
libelf1 development libraries and header files
-
libelf1
library to read and write ELF files
-
libelf1-dbgsym
debug symbols for package libelf1
Package files