Arch Linux: 2016-01-22 ASA-201601-22 Low Severity Denial Of Service

Arch Linux Security Advisory ASA-201601-22
=========================================
Severity: Low
Date    : 2016-01-21
CVE-ID  : CVE-2015-8750
Package : libdwarf
Type    : denial of service
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package libdwarf before version 20160115-1 is vulnerable to denial
of service.

Resolution
=========
Upgrade to 20160115-1.

# pacman -Syu "libdwarf>=20160115-1"

The problem has been fixed upstream in version 20160115.

Workaround
=========
None.

Description
==========
A problem has been discovered when the debug_abbrev section is marked as
NOBITS in the ELF file - in other words as a zero-init section rather
than a section with contents in the file. Such a crafted section is
leading to a null pointer dereference resulting in denial of service.

Impact
=====
A local attacker is able to create a specially crafted file with
zero-init section that, when processed, is leading to a denial of service.

References
=========
https://access.redhat.com/security/cve/CVE-2015-8750
https://bugzilla.redhat.com/show_bug.cgi?id=1294264