Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 28: FEDORA-2018-f91531043d Moderate: Elfutils Buffer Over-Read

fedora
Calendar Grey June 8, 2018
Dist Fedora Esm H88
Recent elfutils patch resolves stack overflow issues and incorporates DWARF5 features in Fedora 28 for improved performance.
DWARF5 and split dwarf, including GNU DebugFission, support.

Summary

Elfutils is a collection of utilities, including stack (to show

backtraces), nm (for listing symbols from object files), size

(for listing the section sizes of an object or archive file),

strip (for discarding symbols), readelf (to see the raw ELF file

structures), elflint (to check for well-formed ELF files) and

elfcompress (to compress or decompress ELF sections).

DWARF5 and split dwarf, including GNU DebugFission, support.

* Fri Jun 1 2018 Mark Wielaard - 0.171-1

- New upstream release.

- DWARF5 and split dwarf, including GNU DebugFission, support.

- readelf: Handle all new DWARF5 sections.

--debug-dump=info+ will show split unit DIEs when found.

--dwarf-skeleton can be used when inspecting a .dwo file.

Recognizes GNU locviews with --debug-dump=loc.

- libdw: New functions dwarf_die_addr_die, dwarf_get_units,

dwarf_getabbrevattr_data and dwarf_cu_info.

libdw will now try to resolve the alt file on first use

when not set yet with dwarf_set_alt.

dwarf_aggregate_size() now works with multi-dimensional arrays.

- libdwfl: Use process_vm_readv when available instead of ptrace.

- backends: Add a RISC-V backend.

[ 1 ] Bug #1559243 - CVE-2018-8769 elfutils: buffer over-read in ebldynamictagname.c:ebl_dynamic_tag_name() allows for denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1559243

su -c 'dnf upgrade --advisory FEDORA-2018-f91531043d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EP43TAFBHQYHEVFEGFYOXUFAUCL3CQVB/

Topics%20covered

Topics Covered

security advisory denial of service fedora elfutils buffer over-read dwarf support

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 0.171
Release: 1.fc28
URL: https://sourceware.org/elfutils/
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data

Topics%20covered

Topics Covered

security advisory denial of service fedora elfutils buffer over-read dwarf support

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here