Arch Linux Security Advisory ASA-201606-23
==========================================
Severity: High
Date    : 2016-06-25
CVE-ID  : CVE-2016-5027 CVE-2016-5028 CVE-2016-5029 CVE-2016-5030
          CVE-2016-5031 CVE-2016-5032 CVE-2016-5033 CVE-2016-5034
          CVE-2016-5035 CVE-2016-5036 CVE-2016-5037 CVE-2016-5038
          CVE-2016-5039 CVE-2016-5040 CVE-2016-5041 CVE-2016-5042
          CVE-2016-5043 CVE-2016-5044
Package : libdwarf
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package libdwarf before version 20160613-1 is vulnerable to
arbitrary code execution.

Resolution
==========
Upgrade to 20160613-1.

# pacman -Syu "libdwarf>=20160613-1"

The problems have been fixed upstream in version 20160613.

Workaround
==========
None.

Description
===========
- CVE-2016-5027 (denial of service)

Multiple NULL pointer dereference issues in several functions of
libdwarf/dwarf_leb.c, where leb128_length was wrongly assumed non-NULL.

- CVE-2016-5028 (denial of service)

NULL pointer dereference issue in print_frame_inst_bytes().

- CVE-2016-5029 (denial of service)

NULL pointer dereference issue in create_fullest_file_path().

- CVE-2016-5030 (denial of service)

NULL pointer dereference issue in _dwarf_calculate_info_section_end_ptr().

- CVE-2016-5031 (denial of service)

Out-of-bounds read bug in print_frame_inst_bytes().

- CVE-2016-5032 (denial of service)

Out-of-bounds read bug in dwarf_get_xu_hash_entry().

- CVE-2016-5033 (denial of service)

Out-of-bounds read bug in print_exprloc_content().

- CVE-2016-5034 (arbitrary code execution)

Invalid write in dwarf_elf_access.c.

- CVE-2016-5035 (denial of service)

Out-of-bounds read bug in _dwarf_read_line_table_header().

- CVE-2016-5036 (denial of service)

Out-of-bounds read bug in dump_block().

- CVE-2016-5037 (denial of service)

NULL pointer dereference issue in _dwarf_load_section().

- CVE-2016-5038 (denial of service)

NULL pointer dereference issue in dwarf_get_macro_startend_file().

- CVE-2016-5039 (denial of service)

Out-of-bounds read bug in get_attr_value().

- CVE-2016-5040 (denial of service)

Out-of-bounds read bug.

- CVE-2016-5041 (denial of service)

NULL pointer dereference issue.

- CVE-2016-5042 (denial of service)

Infinite loop leading to out-of-bounds read in dwarf_get_aranges_list().

- CVE-2016-5043 (denial of service)

Out-of-bounds read bug in dwarf_dealloc().

- CVE-2016-5044 (arbitrary code execution)

Heap-overflow.
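
Added example, not taken from the advisory or from libdwarf's source: a
bounds-checked unsigned LEB128 decoder whose length out-parameter is optional,
illustrating the defect class named for CVE-2016-5027 (an out-pointer assumed
non-NULL). The function name, return codes and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes for this example (hypothetical names, not libdwarf's). */
enum { LEB_OK = 0, LEB_TRUNCATED = -1, LEB_OVERFLOW = -2, LEB_BADARG = -3 };

/* Decode one unsigned LEB128 value from buf[0..len). out_len is optional:
 * callers that do not need the encoded length pass NULL. Writing through it
 * unconditionally is the defect class described for leb128_length. */
int uleb128_decode(const uint8_t *buf, size_t len,
                   uint64_t *out_val, size_t *out_len)
{
    uint64_t val = 0;
    unsigned shift = 0;

    if (buf == NULL || out_val == NULL)
        return LEB_BADARG;
    for (size_t i = 0; i < len; i++) {
        uint64_t chunk = buf[i] & 0x7f;
        /* Reject encodings that do not fit in 64 bits. */
        if (shift >= 64 || (shift > 57 && (chunk >> (64 - shift)) != 0))
            return LEB_OVERFLOW;
        val |= chunk << shift;
        shift += 7;
        if ((buf[i] & 0x80) == 0) {   /* final byte of the value */
            *out_val = val;
            if (out_len != NULL)      /* guard the optional out-parameter */
                *out_len = i + 1;
            return LEB_OK;
        }
    }
    return LEB_TRUNCATED;  /* input ended first; nothing read past len */
}

int main(void)
{
    const uint8_t sample[] = { 0xE5, 0x8E, 0x26 };  /* constructed: 624485 */
    uint64_t v = 0;
    /* Caller ignores the length: NULL must be accepted. */
    int rc = uleb128_decode(sample, sizeof sample, &v, NULL);
    printf("rc=%d value=%llu\n", rc, (unsigned long long)v);
    return rc == LEB_OK ? 0 : 1;
}
```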


Impact
======
An attacker might be able to execute arbitrary code on the affected host
with a crafted ELF file, or crafted DWARF sections in an object file.

References
==========
https://seclists.org/oss-sec/2016/q2/393
https://www.prevanders.net/dwarfbug.html
https://access.redhat.com/security/cve/CVE-2016-5027
https://access.redhat.com/security/cve/CVE-2016-5028
https://access.redhat.com/security/cve/CVE-2016-5029
https://access.redhat.com/security/cve/CVE-2016-5030
https://access.redhat.com/security/cve/CVE-2016-5031
https://access.redhat.com/security/cve/CVE-2016-5032
https://access.redhat.com/security/cve/CVE-2016-5033
https://access.redhat.com/security/cve/CVE-2016-5034
https://access.redhat.com/security/cve/CVE-2016-5035
https://access.redhat.com/security/cve/CVE-2016-5036
https://access.redhat.com/security/cve/CVE-2016-5037
https://access.redhat.com/security/cve/CVE-2016-5038
https://access.redhat.com/security/cve/CVE-2016-5039
https://access.redhat.com/security/cve/CVE-2016-5040
https://access.redhat.com/security/cve/CVE-2016-5041
https://access.redhat.com/security/cve/CVE-2016-5042
https://access.redhat.com/security/cve/CVE-2016-5043
https://access.redhat.com/security/cve/CVE-2016-5044
