[ubuntu/trusty-security] elfutils 0.158-0ubuntu5.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 5 14:09:42 UTC 2018 

elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
      an ELF file for sanity checks. Based on upstream patch.
    - CVE-2016-10254
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
      trying to malloc and read data. Based on upstream patch.
    - CVE-2016-10255
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
      before processing. Based on upstream patch.
    - debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
      handle_gnu_hash. Based on upstream patch.
    - CVE-2017-7607
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7608.patch: Use the empty string for note names
      with zero size. Based on upstream patch.
    - CVE-2017-7608
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7610.patch: Don't check section group without
      flags word. Based on upstream patch.
    - CVE-2017-7610
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7611.patch: Check symbol table data is big
      enough before checking. Based on upstream patch.
    - CVE-2017-7611
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
      hash sections. Based on upstream patch.
    - CVE-2017-7612
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
      shdrs available. Based on upstream patch.
    - CVE-2017-7613

Date: 2017-05-18 21:42:13.573799+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list