Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in libdwarf
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in libdwarf
ID: FEDORA-2016-f36c5935e5
Distribution: Fedora
Plattformen: Fedora 24
Datum: Do, 12. Mai 2016, 18:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2091

Originalnachricht

Name        : libdwarf
Product : Fedora 24
Version : 20160507
Release : 1.fc24
URL : http://www.prevanders.net/dwarf.html
Summary : Library to access the DWARF Debugging file format
Description :
Library to access the DWARF debugging file format which supports
source level debugging of a number of procedural languages, such as C, C++,
and Fortran. Please see http://www.dwarfstd.org for DWARF specification.

-------------------------------------------------------------------------------
-
Update Information:

Update to 20160507 release - fixes many outstanding crash bugs
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1299966 - CVE-2016-2091 libdwarf: Out-of-bounds read in
dwarf_frame2.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1299966
[ 2 ] Bug #1300332 - CVE-2016-2050 libdwarf: Out-of-bounds write in
get_abbrev_array_info [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300332
[ 3 ] Bug #1334068 - libdwarf-20160507 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334068
[ 4 ] Bug #1332149 - Null dereference bug in READ_AREA_LENGTH()
https://bugzilla.redhat.com/show_bug.cgi?id=1332149
[ 5 ] Bug #1332148 - Null dereference bug in _dwarf_file_name_is_full_path()
https://bugzilla.redhat.com/show_bug.cgi?id=1332148
[ 6 ] Bug #1332145 - A approximate infinite loop bugs in
dwarf_get_aranges_list()
https://bugzilla.redhat.com/show_bug.cgi?id=1332145
[ 7 ] Bug #1332144 - Out of bound read bug in dwarf_dealloc()
https://bugzilla.redhat.com/show_bug.cgi?id=1332144
[ 8 ] Bug #1332141 - Heap Overflow bug in update_entry().
https://bugzilla.redhat.com/show_bug.cgi?id=1332141
[ 9 ] Bug #1330237 - NULL dereference bug in _dwarf_decode_s_leb128
https://bugzilla.redhat.com/show_bug.cgi?id=1330237
[ 10 ] Bug #1316695 - libdwarf not checking whether error is null before
attempting to use it for dwarf_srcfiles
https://bugzilla.redhat.com/show_bug.cgi?id=1316695
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update libdwarf' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung