Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Überschreiben von Dateien in elfutils
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in elfutils
ID: FEDORA-2015-0677
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 21. Januar 2015, 07:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447

Originalnachricht

Name        : elfutils
Product : Fedora 20
Version : 0.161
Release : 2.fc20
URL : https://fedorahosted.org/elfutils/
Summary : A collection of utilities and DSOs to handle compiled objects
Description :
Elfutils is a collection of utilities, including stack (to show
backtraces), nm (for listing symbols from object files), size
(for listing the section sizes of an object or archive file),
strip (for discarding symbols), readelf (to see the raw ELF file
structures), and elflint (to check for well-formed ELF files).

-------------------------------------------------------------------------------
-
Update Information:

Update to elfutils 0.161. Security fix for CVE-2014-9447.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Jan 13 2015 Mark Wielaard <mjw@redhat.com> - 0.161-2
- Add elfutils-0.161-ar-long-name.patch (#1181525 CVE-2014-9447)
* Fri Dec 19 2014 Mark Wielaard <mjw@redhat.com> - 0.161-1
- Update to 0.161.
* Wed Aug 27 2014 Mark Wielaard <mjw@redhat.com> - 0.160-1
- Update to 0.160.
- Remove integrated upstream patches:
elfutils-aarch64-user_regs_struct.patch
elfutils-0.159-argp-attach.patch
elfutils-0.159-aarch64-bool-ret.patch
elfutils-0.159-elf-h.patch
elfutils-0.159-ppc64le-elfv2-abi.patch
elfutils-0.159-report_r_debug.patch
elfutils-0.159-ko_xz.patch
* Sat Aug 16 2014 Mark Wielaard <mjw@redhat.com> - 0.159-10
- Add elfutils-0.159-ko_xz.patch
* Sat Aug 16 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.159-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 28 2014 Mark Wielaard <mjw@redhat.com> - 0.159-8
- Add elfutils-0.159-report_r_debug.patch (#1112610)
* Fri Jul 18 2014 Mark Wielaard <mjw@redhat.com> - 0.159-7
- Add configure check to elfutils-aarch64-user_regs_struct.patch.
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 0.159-6
- fix license handling
* Fri Jul 4 2014 Mark Wielaard <mjw@redhat.com> - 0.159-5
- Add elfutils-0.159-aarch64-bool-ret.patch
- Add elfutils-0.159-elf-h.patch
- Add elfutils-0.159-ppc64le-elfv2-abi.patch (#1110249)
* Tue Jun 10 2014 Mark Wielaard <mjw@redhat.com> - 0.159-4
- Add elfutils-0.159-argp-attach.patch (#1107654)
* Mon Jun 9 2014 Kyle McMartin <kyle@fedoraproject.org> - 0.159-3
- AArch64: handle new glibc-headers which provides proper GETREGSET structs.
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.159-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Mark Wielaard <mjw@redhat.com> - 0.159-1
- Update to 0.159.
- Remove integrated upstream patches:
robustify.patch, mod-e_type.patch and CVE-2014-0172.patch.
- Remove special handling of now default compile and configure flags:
Don't remove -Werror=format-security, don't configure --enable-dwz.
* Thu Apr 10 2014 Mark Wielaard <mjw@redhat.com> - 0.158-3
- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
* Tue Mar 11 2014 Mark Wielaard <mjw@redhat.com> - 0.158-2
- Add elfutils-0.158-mod-e_type.patch.
* Mon Jan 6 2014 Mark Wielaard <mjw@redhat.com> - 0.158-1
- Update to 0.158. Remove all patches now upstream. Add eu-stack.
* Thu Dec 19 2013 Mark Wielaard <mjw@redhat.com> - 0.157-4
- Add elfutils-0.157-aarch64-got-special-symbol.patch.
- Remove -Werror=format-security from RPM_OPT_FLAGS.
* Fri Dec 13 2013 Petr Machata <pmachata@redhat.com> - 0.157-3
- Add upstream support for aarch64
* Wed Oct 9 2013 Mark Wielaard <mjw@redhat.com> 0.157-2
- Show tests/test-suite.log in build.log when make check fails.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1178888 - CVE-2014-9447 elfutils: directory traversal in
read_long_names()
https://bugzilla.redhat.com/show_bug.cgi?id=1178888
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update elfutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung