ubuntu/+source/elfutils:applied/ubuntu/xenial-security

Last commit made on 2018-06-05
Get this branch:
git clone -b applied/ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/xenial-security
Repository:
lp:ubuntu/+source/elfutils

Recent commits

0640b87... by Tyler Hicks on 2017-05-17

Import patches-applied version 0.165-3ubuntu1.1 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 45343b7150df5dc6a7f69b353fa64a9042da6a91
Unapplied parent: c89c71e83141196b0012620057a0d575135817c4

New changelog entries:
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
      an ELF file for sanity checks. Based on upstream patch.
    - CVE-2016-10254
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
      trying to malloc and read data. Based on upstream patch.
    - CVE-2016-10255
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7607.patch: Fix off by one sanity check in
      handle_gnu_hash. Based on upstream patch.
    - CVE-2017-7607
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7608.patch: Use the empty string for note names
      with zero size. Based on upstream patch.
    - CVE-2017-7608
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7609.patch: Check compression ratio before
      trying to allocate output buffer. Based on upstream patch.
    - CVE-2017-7609
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7610.patch: Don't check section group without
      flags word. Based on upstream patch.
    - CVE-2017-7610
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7611.patch: Check symbol table data is big
      enough before checking. Based on upstream patch.
    - CVE-2017-7611
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
      hash sections. Based on upstream patch.
    - CVE-2017-7612
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
      shdrs available. Based on upstream patch.
    - CVE-2017-7613

c89c71e... by Tyler Hicks on 2017-05-17

[PATCH] elflint: Sanity check the number of phdrs and shdrs

Gbp-Pq: CVE-2017-7613.patch.

92beb44... by Tyler Hicks on 2017-05-17

[PATCH] elflint: Don't trust sh_entsize when checking hash sections.

Gbp-Pq: CVE-2017-7612.patch.

394bf26... by Tyler Hicks on 2017-05-17

[PATCH] elflint: Check symbol table data is big enough before

Gbp-Pq: CVE-2017-7611.patch.

ba17eff... by Tyler Hicks on 2017-05-17

[PATCH] elflint: Don't check section group without flags word.

Gbp-Pq: CVE-2017-7610.patch.

0546dea... by Tyler Hicks on 2017-05-17

[PATCH] libelf: Check compression ratio before trying to allocate

Gbp-Pq: CVE-2017-7609.patch.

f99d764... by Tyler Hicks on 2017-05-17

[PATCH] Use the empty string for note names with zero size (without

Gbp-Pq: CVE-2017-7608.patch.

a27d7b5... by Tyler Hicks on 2017-05-17

[PATCH] readelf: Fix off by one sanity check in handle_gnu_hash.

Gbp-Pq: CVE-2017-7607.patch.

b160d0a... by Tyler Hicks on 2017-05-17

[PATCH] libelf: Sanity check offset and size before trying to malloc

Gbp-Pq: CVE-2016-10255.patch.

2a8c6cd... by Tyler Hicks on 2017-05-17

[PATCH] libelf: Always set ELF maxsize when reading an ELF file for

Gbp-Pq: CVE-2016-10254.patch.