drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in elfutils
| Name: |
Zahlenüberlauf in elfutils |
|
| ID: |
FEDORA-2014-5015 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 20 |
|
| Datum: |
Fr, 18. April 2014, 22:50 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172 |
|
| Applikationen: |
elfutils |
|
Originalnachricht |
Name : elfutils
Product : Fedora 20
Version : 0.158
Release : 3.fc20
URL : https://fedorahosted.org/elfutils/
Summary : A collection of utilities and DSOs to handle compiled objects
Description :
Elfutils is a collection of utilities, including ld (a linker),
nm (for listing symbols from object files), size (for listing the
section sizes of an object or archive file), strip (for discarding
symbols), readelf (to see the raw ELF file structures), and elflint
(to check for well-formed ELF files).
-------------------------------------------------------------------------------
-
Update Information:
Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer
overflow in libdw.
Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390,
s390x, ppc and ppc64. Add eu-stack.
-------------------------------------------------------------------------------
-
ChangeLog:
* Thu Apr 10 2014 Mark Wielaard <mjw@redhat.com> - 0.158-3
- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
* Tue Mar 11 2014 Mark Wielaard <mjw@redhat.com> - 0.158-2
- Add elfutils-0.158-mod-e_type.patch.
* Mon Jan 6 2014 Mark Wielaard <mjw@redhat.com> - 0.158-1
- Update to 0.158. Remove all patches now upstream. Add eu-stack.
* Thu Dec 19 2013 Mark Wielaard <mjw@redhat.com> - 0.157-4
- Add elfutils-0.157-aarch64-got-special-symbol.patch.
- Remove -Werror=format-security from RPM_OPT_FLAGS.
* Fri Dec 13 2013 Petr Machata <pmachata@redhat.com> - 0.157-3
- Add upstream support for aarch64
* Wed Oct 9 2013 Mark Wielaard <mjw@redhat.com> 0.157-2
- Show tests/test-suite.log in build.log when make check fails.
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1085663 - CVE-2014-0172 elfutils: integer overflow, leading to a
heap-based buffer overflow in libdw
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update elfutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
