Accepted elfutils 0.159-4.2+deb8u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Jan 2018 19:03:02 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source amd64
Version: 0.159-4.2+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
elfutils - collection of utilities to handle ELF objects
libasm-dev - libasm development libraries and header files
libasm1 - library with a programmable assembler interface
libdw-dev - libdw1 development libraries and header files
libdw1 - library that provides access to the DWARF debug information
libelf-dev - libelf1 development libraries and header files
libelf1 - library to read and write ELF files
Changes:
elfutils (0.159-4.2+deb8u1) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2019-7665
Due to a heap-buffer-overflow problem in function elf32_xlatetom()
a crafted ELF input can cause segmentation faults.
* CVE-2019-7150
Add sanity check for partial core file dynamic data read.
* CVE-2019-7149
Due to a heap-buffer-overflow problem in function read_srclines()
a crafted ELF input can cause segmentation faults.
* CVE-2018-18521
By using a crafted ELF file, containing a zero sh_entsize, a
divide-by-zero vulnerability could allow remote attackers to
cause a denial of service (application crash).
* CVE-2018-18520
By fuzzing an Invalid Address Deference problem in function elf_end
has been found.
* CVE-2018-18310
By fuzzing an Invalid Address Read problem in eu-stack has been found.
* CVE-2018-16062
By using an AddressSanitizer a heap-buffer-overflow has been found.
* CVE-2017-7613
By using fuzzing it was found that an allocation failure was not
handled properly.
* CVE-2017-7612
By using a crafted ELF file, containing an invalid sh_entsize, a
remote attackers could cause a denial of service (application crash).
* CVE-2017-7611
By using a crafted ELF file a remote attackers could cause a denial
of service (application crash).
* CVE-2017-7610
By using a crafted ELF file a remote attackers could cause a denial
of service (application crash).
* CVE-2017-7608
By fuzzing a heap based buffer overflow has been detected.
Checksums-Sha1:
93e11c9cf1a9e7ff2564ae812a14dc68714c36ae 2460 elfutils_0.159-4.2+deb8u1.dsc
4ff214cdb95a10b03cf413f3d018393a838f98fc 5469000 elfutils_0.159.orig.tar.bz2
f3213fdf8c524ebd4d0ec335804dea9df097dd0c 54752 elfutils_0.159-4.2+deb8u1.debian.tar.xz
505c85572f227f8244c8cdd19e0cc9f02a608ddc 274896 elfutils_0.159-4.2+deb8u1_amd64.deb
c90c4c62b8780dfc9850449eadf7d04a40bc6d1f 160044 libelf1_0.159-4.2+deb8u1_amd64.deb
6fe42e1cd5817214da621234e03243e55dc57289 59328 libelf-dev_0.159-4.2+deb8u1_amd64.deb
6096d6c99025e822f5cee0414e3ec5d8345f0fb7 152224 libdw-dev_0.159-4.2+deb8u1_amd64.deb
08c6962981a328db021df9f114af4a7d48fa01f6 191148 libdw1_0.159-4.2+deb8u1_amd64.deb
521890676723acd15bd762b900605b3693888139 26564 libasm1_0.159-4.2+deb8u1_amd64.deb
ba442ecd7627f5d8dd44ae818d97e6024ec7eef1 28522 libasm-dev_0.159-4.2+deb8u1_amd64.deb
Checksums-Sha256:
86450e04f505b6494f37c3feb7e49dfd45b1e41cab1feb8fd2e076289ab331cf 2460 elfutils_0.159-4.2+deb8u1.dsc
fffaad1ba0c4ac5c8cee56dc195746e1f1e7197ba3eba7052ad5a3635ac1242e 5469000 elfutils_0.159.orig.tar.bz2
9999afa398db92ca15a2561edb75196a83dda66acc48fb4e1b52259e2312306a 54752 elfutils_0.159-4.2+deb8u1.debian.tar.xz
1653b554eda07bdcdc9a8b87bf3021efdc01b990ae8f271cc6d28c6e96361919 274896 elfutils_0.159-4.2+deb8u1_amd64.deb
876b1ba0cac1f74a93c52967cb6e2b7d073b8f830ed7f591e99f7e0f769edd56 160044 libelf1_0.159-4.2+deb8u1_amd64.deb
935ef605ebe135e7d5f597a8959233f81a8f45759404231870e69de71bb479b3 59328 libelf-dev_0.159-4.2+deb8u1_amd64.deb
9d5d50c6b0559f3a7f698158e99eb90bf80c24602f05879b319e44aa6289c7c1 152224 libdw-dev_0.159-4.2+deb8u1_amd64.deb
bebf676408d5a77ac7c515dbb80e49b27c53ee34cb8bb6df39b631063902691d 191148 libdw1_0.159-4.2+deb8u1_amd64.deb
a03010a3cffcab42869d8fd3f8b384693940c3e21cd0bec53da12ba683e3c690 26564 libasm1_0.159-4.2+deb8u1_amd64.deb
cf71a23800366db33e302f012d02c77a44b8902fb19e8e4ad9435a5a9a11bd89 28522 libasm-dev_0.159-4.2+deb8u1_amd64.deb
Files:
b56c771a056f7defaf8256856160f609 2460 libs optional elfutils_0.159-4.2+deb8u1.dsc
1f45a18231c782ccd0966059e2e42ea9 5469000 libs optional elfutils_0.159.orig.tar.bz2
bb973234c8384c7e89b50b665cf8a02c 54752 libs optional elfutils_0.159-4.2+deb8u1.debian.tar.xz
92a159b1300e7ff373c3a4a2c6e1e84a 274896 utils optional elfutils_0.159-4.2+deb8u1_amd64.deb
977185d681ee395d798506ba78802fc9 160044 libs optional libelf1_0.159-4.2+deb8u1_amd64.deb
cfd84d1795cefdbf8b359d35ee8cfd39 59328 libdevel optional libelf-dev_0.159-4.2+deb8u1_amd64.deb
3b2af85149bbdc7a33a5e4c61bcb9c47 152224 libdevel optional libdw-dev_0.159-4.2+deb8u1_amd64.deb
cad2d6357eb7a6e7b4e5eccbd8890497 191148 libs optional libdw1_0.159-4.2+deb8u1_amd64.deb
3ec2c73840cf8bf2a8d70b434af8111a 26564 libs optional libasm1_0.159-4.2+deb8u1_amd64.deb
df1510de717d6f396c77801c6a70bd37 28522 libdevel optional libasm-dev_0.159-4.2+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlx0PrxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2b5D/4tWY0jnYIZHJFR6fdVlhivwoZY4tLK
7LXnjGgkci3ZzFZ/HdqMmOFIdU84v21dckcPYeEvX6gC9lM/B3X2nVKWWp706Vu3
nCB3cLyQGCK6S9wO3ZE+AXi0EAAC3OuixIBXKGZGrPN/Sy1RZTCCRWCoi8Xvm0j9
uJQNu/PvL3B694KZDzWeyPNWCGoPDAv18PamGcRQa1F/L/66boaUb6KkOwgqWN7F
X1FnHiCtkZGzVzcPA+Y/mVH3hBpu142fxK1iwg3854FZ/8OtgcB43sEzKtm8X2AY
kU+WpUf6sjZDXaciTdS1v6dlk4Njjf4yRc+YbahQKAplweRrqGjJUKbu7PDWL7D3
mjwklf7mwP28KeVZiSFTqEgc4egeJkeAF/HLqdaosh0OiVGUTNtvBAMe5uAPOzSc
dF2zu/mbC3Am7b2difwrRabAIPrRH2zKjwJ9MELrvB2wIoxiJYaON64asWh6n4/V
M4024jiirco9LVNlfthNAyIdviH6h4GsRuwYPqjDL01fh0/HmGoR9R3ar54Tnpyg
UbVeokuh029FDsa4i53xZ7WJ2wNVM2h4Hf7pxWxEnaPI7zNKsA66h2Ufy2FUt2n2
VucqOdiJV7IF2PxuRH358OPT6qjNLMotIQ/j8fG2Ku+1MMC4cUM3htlYlthszk8k
FwiBYr0814KI1w==
=iL09
-----END PGP SIGNATURE-----