ubuntu/+source/elfutils:applied/ubuntu/xenial-security

Last commit made on 2019-06-10
Get this branch:
git clone -b applied/ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/xenial-security
Repository: lp:ubuntu/+source/elfutils

Recent commits

500b4a1... by Marc Deslauriers on 2019-06-07

Import patches-applied version 0.165-3ubuntu1.2 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 0640b874f8def0481cbd60c6417ebee91da5b805
Unapplied parent: aa1158b42f38191d4dc8adc54a80c23c5031638c

New changelog entries:
  * SECURITY UPDATE: DoS via a crafted file
    - debian/patches/CVE-2018-16062.patch: make sure there is enough data
      to read full aranges header in libdw/dwarf_getaranges.c,
      src/readelf.c.
    - CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
    - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
      is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
      libelf/libelf.h.
    - CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
    - debian/patches/CVE-2018-16403.patch: check end of attributes list
      consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
    - CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18310.patch: sanity check partial core file
      data reads in libdwfl/dwfl_segment_report_module.c.
    - CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
      src/size.c.
    - CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilities
    - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
      in src/arlib.c.
    - CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
      dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
      src/readelf.c.
    - CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
    - debian/patches/CVE-2019-7150.patch: sanity check partial core file
      dyn data read in libdwfl/dwfl_segment_report_module.c.
    - CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
      contain a zero terminated string in libdwfl/linux-core-attach.c,
      libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
    - CVE-2019-7665

aa1158b... by Marc Deslauriers on 2019-06-07

[PATCH] libebl: Check NT_PLATFORM core notes contain a zero

Gbp-Pq: CVE-2019-7665.patch.

516228b... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file dyn data read.

Gbp-Pq: CVE-2019-7150.patch.

80cd19c... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check terminating NUL byte in dwarf_getsrclines for

Gbp-Pq: CVE-2019-7149.patch.

e48bb94... by Marc Deslauriers on 2019-06-07

[PATCH] arlib: Check that sh_entsize isn't zero.

Gbp-Pq: CVE-2018-18521.patch.

b0cdb05... by Marc Deslauriers on 2019-06-07

[PATCH] size: Handle recursive ELF ar files.

Gbp-Pq: CVE-2018-18520.patch.

66c88f2... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file data reads.

Gbp-Pq: CVE-2018-18310.patch.

9489dd9... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check end of attributes list consistently.

Gbp-Pq: CVE-2018-16403.patch.

17b048e... by Marc Deslauriers on 2019-06-07

[PATCH] libelf: Return error if elf_compress_gnu is used on

Gbp-Pq: CVE-2018-16402.patch.

66bee8d... by Marc Deslauriers on 2019-06-07

[PATCH] libdw, readelf: Make sure there is enough data to read full

Gbp-Pq: CVE-2018-16062.patch.