ubuntu/+source/elfutils:applied/ubuntu/bionic-security

Last commit made on 2019-06-10
Get this branch:
git clone -b applied/ubuntu/bionic-security https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/bionic-security
Repository: lp:ubuntu/+source/elfutils

Recent commits

3d0b8bb... by Marc Deslauriers on 2019-06-07

Import patches-applied version 0.170-0.4ubuntu0.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 3630e16ddb5693d31477fcbad2e33b1b4d04e80a
Unapplied parent: bed119f88e9d4bc9a724dfaab52f478e1d3f7ec4

New changelog entries:
  * SECURITY UPDATE: DoS via a crafted file
    - debian/patches/CVE-2018-16062.patch: make sure there is enough data
      to read full aranges header in libdw/dwarf_getaranges.c,
      src/readelf.c.
    - CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
    - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
      is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
      libelf/libelf.h.
    - CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
    - debian/patches/CVE-2018-16403.patch: check end of attributes list
      consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
    - CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18310.patch: sanity check partial core file
      data reads in libdwfl/dwfl_segment_report_module.c.
    - CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
      src/size.c.
    - CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilities
    - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
      in src/arlib.c.
    - CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
      dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
      src/readelf.c.
    - CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
    - debian/patches/CVE-2019-7150.patch: sanity check partial core file
      dyn data read in libdwfl/dwfl_segment_report_module.c.
    - CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
      contain a zero terminated string in libdwfl/linux-core-attach.c,
      libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
    - CVE-2019-7665

bed119f... by Marc Deslauriers on 2019-06-07

[PATCH] libebl: Check NT_PLATFORM core notes contain a zero

Gbp-Pq: CVE-2019-7665.patch.

0c808f0... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file dyn data read.

Gbp-Pq: CVE-2019-7150.patch.

3689cb2... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check terminating NUL byte in dwarf_getsrclines for

Gbp-Pq: CVE-2019-7149.patch.

a6e3f1d... by Marc Deslauriers on 2019-06-07

[PATCH] arlib: Check that sh_entsize isn't zero.

Gbp-Pq: CVE-2018-18521.patch.

e3e2b25... by Marc Deslauriers on 2019-06-07

[PATCH] size: Handle recursive ELF ar files.

Gbp-Pq: CVE-2018-18520.patch.

3e0385b... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file data reads.

Gbp-Pq: CVE-2018-18310.patch.

eff2f53... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check end of attributes list consistently.

Gbp-Pq: CVE-2018-16403.patch.

201cd01... by Marc Deslauriers on 2019-06-07

[PATCH] libelf: Return error if elf_compress_gnu is used on

Gbp-Pq: CVE-2018-16402.patch.

1139fd0... by Marc Deslauriers on 2019-06-07

[PATCH] libdw, readelf: Make sure there is enough data to read full

Gbp-Pq: CVE-2018-16062.patch.