[Buildroot] [PATCH 1/1] package/elfutils: security bump to version 0.176
Peter Korsgaard
peter at korsgaard.com
Fri Aug 30 20:29:57 UTC 2019
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fixes CVE-2018-18310: An invalid memory address dereference was
> discovered in dwfl_segment_report_module.c in libdwfl in elfutils
> through v0.174. The vulnerability allows attackers to cause a denial of
> service (application crash) with a crafted ELF file, as demonstrated by
> consider_notes.
> Fixes CVE-2018-18520: An Invalid Memory Address Dereference exists in
> the function elf_end in libelf in elfutils through v0.174. Although
> eu-size is intended to support ar files inside ar files,
> handle_ar in size.c closes the outer ar file before handling all inner
> entries. The vulnerability allows attackers to cause a denial of service
> (application crash) with a crafted ELF file.
> Fixes CVE-2018-18521: Divide-by-zero vulnerabilities in the function
> arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers
> to cause a denial of service (application crash) with a crafted ELF
> file, as demonstrated by eu-ranlib, because a zero sh_entsize is
> mishandled.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard
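The zero `sh_entsize` case named in the quoted CVE-2018-18521 description, as an added example that is not code from this patch or from elfutils: a header check that refuses to derive a symbol count from untrusted section fields until the divisor and bounds are validated. The function names, result codes and sample values are assumptions made for illustration.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes; the names are hypothetical, chosen for this example. */
enum { SYMS_ZERO_ENTSIZE = -1, SYMS_BAD_ENTSIZE = -2, SYMS_OUT_OF_FILE = -3 };

/* Number of symbols in an ELF64 symbol-table section, or a negative code.
   Every field comes from the file, so none is trusted before it is checked. */
static long symtab_count(const Elf64_Shdr *sh, uint64_t file_size)
{
    if (sh->sh_type != SHT_SYMTAB && sh->sh_type != SHT_DYNSYM)
        return 0;                          /* not a symbol table: nothing to count */
    if (sh->sh_entsize == 0)               /* condition named in CVE-2018-18521 */
        return SYMS_ZERO_ENTSIZE;
    if (sh->sh_entsize != sizeof(Elf64_Sym) || sh->sh_size % sh->sh_entsize != 0)
        return SYMS_BAD_ENTSIZE;           /* stricter than non-zero: whole Elf64_Sym records only */
    if (sh->sh_offset > file_size || sh->sh_size > file_size - sh->sh_offset)
        return SYMS_OUT_OF_FILE;           /* section data must lie inside the file */
    return (long)(sh->sh_size / sh->sh_entsize);   /* divisor is non-zero here */
}

/* Build a constructed SHT_SYMTAB header at offset 0x100 and check it. */
static long sample_result(uint64_t size, uint64_t entsize, uint64_t file_size)
{
    Elf64_Shdr sh;
    memset(&sh, 0, sizeof sh);
    sh.sh_type = SHT_SYMTAB;
    sh.sh_offset = 0x100;
    sh.sh_size = size;
    sh.sh_entsize = entsize;
    return symtab_count(&sh, file_size);
}

int main(void)
{
    printf("well-formed:    %ld\n", sample_result(48, 24, 0x1000));
    printf("zero entsize:   %ld\n", sample_result(48, 0, 0x1000));
    printf("odd entsize:    %ld\n", sample_result(48, 16, 0x1000));
    printf("truncated file: %ld\n", sample_result(48, 24, 0x120));
    return 0;
}
```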