Format: 1.8 Date: Fri, 07 Jun 2019 12:37:02 -0400 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: amd64 amd64_translations Version: 0.165-3ubuntu1.2 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: elfutils - collection of utilities to handle ELF objects libasm-dev - libasm development libraries and header files libasm1 - library with a programmable assembler interface libdw-dev - libdw1 development libraries and header files libdw1 - library that provides access to the DWARF debug information libelf-dev - libelf1 development libraries and header files libelf1 - library to read and write ELF files Changes: elfutils (0.165-3ubuntu1.2) xenial-security; urgency=medium . * SECURITY UPDATE: DoS via a crafted file - debian/patches/CVE-2018-16062.patch: make sure there is enough data to read full aranges header in libdw/dwarf_getaranges.c, src/readelf.c. - CVE-2018-16062 * SECURITY UPDATE: double free and application crash - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c, libelf/libelf.h. - CVE-2018-16402 * SECURITY UPDATE: incorrect end of the attributes list check - debian/patches/CVE-2018-16403.patch: check end of attributes list consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c. - CVE-2018-16403 * SECURITY UPDATE: invalid memory address dereference - debian/patches/CVE-2018-18310.patch: sanity check partial core file data reads in libdwfl/dwfl_segment_report_module.c. - CVE-2018-18310 * SECURITY UPDATE: invalid memory address dereference - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in src/size.c. - CVE-2018-18520 * SECURITY UPDATE: divide by zero vulnerabilties - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero in src/arlib.c. - CVE-2018-18521 * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c, src/readelf.c. - CVE-2019-7149 * SECURITY UPDATE: incorrect truncated dyn data read handling - debian/patches/CVE-2019-7150.patch: sanity check partial core file dyn data read in libdwfl/dwfl_segment_report_module.c. - CVE-2019-7150 * SECURITY UPDATE: heap-based buffer over-read - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes contain a zero terminated string in libdwfl/linux-core-attach.c, libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c. - CVE-2019-7665 Checksums-Sha1: 8596aaa10cf28a974a8bc3636a03550b71dd84a6 609086 elfutils-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 751f72d81cf43c01bfed55a31e41d461df8311ef 281256 elfutils_0.165-3ubuntu1.2_amd64.deb b89a7bc67ca772534f9bed103242b647002d1c01 562113 elfutils_0.165-3ubuntu1.2_amd64_translations.tar.gz b0e9c8b4dc6cc8ea49df1f5ed7f8c52cf8079c22 17264 libasm-dev_0.165-3ubuntu1.2_amd64.deb f53047ed383e474b63199ece6b54ce2a78e8f740 43078 libasm1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 729e06681ed4a29b84e71334ab9de2e7f35599ee 15498 libasm1_0.165-3ubuntu1.2_amd64.deb 238dab7c6ce0b55e4b4960ff6d672bd68f6697f0 156754 libdw-dev_0.165-3ubuntu1.2_amd64.deb d30db7b5c62d3474ef2797bb2fdac5657a89a3cf 590212 libdw1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb bd98166e63865153a63864e782e9e3d0060bae30 191562 libdw1_0.165-3ubuntu1.2_amd64.deb 233047742c872f2aecccbb92283ae8cad96402ff 54512 libelf-dev_0.165-3ubuntu1.2_amd64.deb 6e00afff31ee62e577147d846868e8c4182169d7 126570 libelf1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb c343dab5157b99f4976547e095ef89784c8129c6 43546 libelf1_0.165-3ubuntu1.2_amd64.deb Checksums-Sha256: 86512bea64c70733627e73fbb70aa729d23236f730d4e916b6b5bc5ead1d6d27 609086 elfutils-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 5c08544cb8e282da8915cb4a2376122d1a738752dac38393e8ab449741b3a220 281256 elfutils_0.165-3ubuntu1.2_amd64.deb 5845e622f87b03187c4fbf6ca2966d6f189c454ef3a9d85a3952aac45105eb26 562113 elfutils_0.165-3ubuntu1.2_amd64_translations.tar.gz cc482539f466d28bb2c1c88217077d632e1cc72c2f7d362c314d25f3c5ccd047 17264 libasm-dev_0.165-3ubuntu1.2_amd64.deb 8c1b0e160321c26ee0ad3ebc735ae5d6f1b7ff971484211ddc6278efcef6e43f 43078 libasm1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 10c9901428c98cb94e7e7d437fbc5bdfc126045d20e6c25e99d78718a619fa9c 15498 libasm1_0.165-3ubuntu1.2_amd64.deb b92184192f27a8c951edac2e96e123b92425fffe8cb4f838c29ada81c1434eeb 156754 libdw-dev_0.165-3ubuntu1.2_amd64.deb 326f1644cd46e74522d7d67e40557c7115601f434f32fc9462eb66e256be2af6 590212 libdw1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 4744a3c67593e7c5f7381a8dbacdf0fec53a41dc7cdd8c95db62a86089c5b421 191562 libdw1_0.165-3ubuntu1.2_amd64.deb 6209e0e1966ba9b419969d799fc25f48dae600bc2da189a35b032ef2158d1455 54512 libelf-dev_0.165-3ubuntu1.2_amd64.deb 83e2284bad7646493f61216062518c33bd9b454809c419edb7a4bfacfd3385ac 126570 libelf1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb b77d26101dc80d4d556a6ea5e16295ce6bc8f9934179596f270b9e1cd1d4edae 43546 libelf1_0.165-3ubuntu1.2_amd64.deb Files: 691baa5a5d0e0c368549231fc33d069a 609086 utils extra elfutils-dbgsym_0.165-3ubuntu1.2_amd64.ddeb a5050b98dfd0af58fa630b540d156511 281256 utils optional elfutils_0.165-3ubuntu1.2_amd64.deb e925ba4f11c4e09b5f0920681804e212 562113 raw-translations - elfutils_0.165-3ubuntu1.2_amd64_translations.tar.gz 8eed025b5209e9d8377ab8bf5272f92f 17264 libdevel optional libasm-dev_0.165-3ubuntu1.2_amd64.deb 9a57789b05b28b9cfb1e6c4ceef1d16f 43078 libs extra libasm1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 594f3de944c22bfafa14d8f6aebe1b1e 15498 libs optional libasm1_0.165-3ubuntu1.2_amd64.deb c9de4f7fb2ea337eb3cd6acc032f798d 156754 libdevel optional libdw-dev_0.165-3ubuntu1.2_amd64.deb f668b07b76afc7c4e0706116174b1da7 590212 libs extra libdw1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb a82e7e5d92e63083b04546550fd11ceb 191562 libs optional libdw1_0.165-3ubuntu1.2_amd64.deb 78f2c7f7bf0810130fbf22bdba71aeb7 54512 libdevel optional libelf-dev_0.165-3ubuntu1.2_amd64.deb 9adb76514db5789f437b01cd9267900e 126570 libs extra libelf1-dbgsym_0.165-3ubuntu1.2_amd64.ddeb 2d7aa092fa98f2f035fc4c225e129b9c 43546 libs optional libelf1_0.165-3ubuntu1.2_amd64.deb Original-Maintainer: Kurt Roeckx