[ubuntu/trusty-security] valgrind 1:3.10.1-1ubuntu3~14.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 21 16:39:58 UTC 2017
valgrind (1:3.10.1-1ubuntu3~14.5) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in string_appends
- debian/patches/CVE-2016-2226.patch: check for overflow in
coregrind/m_demangle/cplus-dem.c, add xmalloc_failed and xmemdup to
coregrind/m_demangle/vg_libciface.h.
- CVE-2016-2226
* SECURITY UPDATE: use-after-free vulnerabilities
- debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4487
- CVE-2016-4488
* SECURITY UPDATE: integer overflow in gnu_special
- debian/patches/CVE-2016-4489.patch: handle case where consume_count
returns -1 in coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4489
* SECURITY UPDATE: integer overflow after sanity checks
- debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
of long in coregrind/m_demangle/cp-demangle.c.
- CVE-2016-4490
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-4491.patch: limit recursion in
coregrind/m_demangle/cp-demangle.c, coregrind/m_demangle/demangle.h.
- CVE-2016-4491
* SECURITY UPDATE: buffer overflow in do_type
- debian/patches/CVE-2016-4492_4493.patch: properly handle large values
and overflow in coregrind/m_demangle/cplus-dem.c.
- CVE-2016-4492
- CVE-2016-4493
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
coregrind/m_demangle/cplus-dem.c, add XDUPVEC to
coregrind/m_demangle/vg_libciface.h.
- CVE-2016-6131
* debian/patches/new_kernel.patch: fix building on newer kernels.
Date: 2017-06-07 21:59:14.392967+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/valgrind/1:3.10.1-1ubuntu3~14.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list