Branch sisyphus update bulletin.

Package elfutils updated to version 0.161-alt1 for branch sisyphus in task 137196.

Published: 2014-04-11
Modified: 2024-11-21

CVE-2014-0172

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

Severity: MEDIUM (6.8)

References:

[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)
[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)
66714
66714
USN-2188-1
USN-2188-1
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
GLSA-201612-32
GLSA-201612-32

Version: 2.1.0

Branch sisyphus update on 2014-12-21

ALT-BU-2014-3174-1

ALT-PU-2014-2479-1

Closed vulnerabilities

CVE-2014-0172