Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:as_python3_module
patchinfo.25020
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.25020
<patchinfo incident="25020"> <issue tracker="cve" id="2018-18520"/> <issue tracker="cve" id="2017-7612"/> <issue tracker="cve" id="2019-7146"/> <issue tracker="cve" id="2017-7611"/> <issue tracker="cve" id="2019-7148"/> <issue tracker="cve" id="2019-7664"/> <issue tracker="cve" id="2019-7149"/> <issue tracker="cve" id="2017-7610"/> <issue tracker="cve" id="2017-7607"/> <issue tracker="cve" id="2018-16402"/> <issue tracker="cve" id="2018-16062"/> <issue tracker="cve" id="2017-7609"/> <issue tracker="cve" id="2018-18521"/> <issue tracker="cve" id="2018-18310"/> <issue tracker="cve" id="2018-16403"/> <issue tracker="cve" id="2017-7608"/> <issue tracker="cve" id="2019-7150"/> <issue tracker="cve" id="2019-7665"/> <issue tracker="cve" id="2017-7613"/> <issue tracker="bnc" id="1033090">VUL-1: CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file</issue> <issue tracker="bnc" id="1112726">VUL-1: CVE-2018-18520: elfutils: An Invalid Memory Address Dereference exists in the function elf_end in libelf</issue> <issue tracker="bnc" id="1125007">VUL-1: CVE-2019-7665: elfutils: heap-based buffer over-read in the function elf32_xlatetom in elf32_xlatetom.c</issue> <issue tracker="bnc" id="1123685">VUL-1: CVE-2019-7150: elfutils: segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to a missing check</issue> <issue tracker="bnc" id="1106390">VUL-1: CVE-2018-16062: elfutils: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18allows remote attackers to cause a denial of service (heap-based bufferover-read) via a crafted file.</issue> <issue tracker="bnc" id="1033086">VUL-1: CVE-2017-7609: elfutils: denial of service (memory consumption) via a crafted ELF file</issue> <issue tracker="bnc" id="1033089">VUL-1: CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue> <issue tracker="bnc" id="1033084">VUL-1: CVE-2017-7607: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue> <issue tracker="bnc" id="1033088">VUL-1: CVE-2017-7611: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue> <issue tracker="bnc" id="1104264">Recommended packages that are missing:</issue> <issue tracker="bnc" id="1107066">VUL-0: CVE-2018-16402: elfutils: Double-free due to double decompression of sections in crafted ELF causes crash</issue> <issue tracker="bnc" id="1112723">VUL-1: CVE-2018-18521: elfutils: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib</issue> <issue tracker="bnc" id="1082318">Packages must not mark license files as %doc</issue> <issue tracker="bnc" id="1107067">VUL-1: CVE-2018-16403: elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash</issue> <issue tracker="bnc" id="1033087">VUL-1: CVE-2017-7610: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue> <issue tracker="bnc" id="1033085">VUL-1: CVE-2017-7608: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue> <issue tracker="bnc" id="1111973">VUL-1: CVE-2018-18310: elfutils: An invalid memory address dereference in dwfl_segment_report_module.c</issue> <issue tracker="jsc" id="SLE-24501"></issue> <packager>jeff_mahoney</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for dwarves and elfutils</summary> <description>This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor