elfutils: security bump to version 0.174 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2018-11-12 23:44:31 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2018-11-13 09:16:58 +0100
commit	6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75 (patch)
tree	0185846e2bac901028bbaa47452e89db8e7959ba /package/libv4l/0005-Add-missing-linux-bpf_common.h.patch
parent	1c32e4c298d02ce7ca3c3551be8c31051dde7801 (diff)
download	buildroot-6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75.tar.gz buildroot-6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75.zip

elfutils: security bump to version 0.174

Fixes the following security issues: CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. For more details, see the announcement: https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html 0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz (no CVEs assigned): https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/libv4l/0005-Add-missing-linux-bpf_common.h.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: