Format: 1.8
Date: Sat, 30 Oct 2021 14:54:50 +0300
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.168-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1    - library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1     - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1    - library to read and write ELF files
Changes:
 elfutils (0.168-1+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw
     allowed a denial of service (heap-based buffer over-read) via a
     crafted file.
   * CVE-2018-16402: libelf/elf_end.c in allowed to cause a denial of
     service (double free and application crash) because it tried to
     decompress twice.
   * CVE-2018-18310: An invalid memory address dereference libdwfl
     allowed a denial of service (application crash) via a crafted file.
   * CVE-2018-18520: A use-after-free in recursive ELF ar files allowed a
     denial of service (application crash) via a crafted file.
   * CVE-2018-18521: A divide-by-zero in arlib_add_symbols() allowed a
     denial of service (application crash) via a crafted file.
   * CVE-2019-7150: A segmentation fault could occur due to
     dwfl_segment_report_module() not checking whether the dyn data read
     from a core file is truncated.
   * CVE-2019-7665: NT_PLATFORM core notes contain a zero terminated
     string allowed a denial of service (application crash) via a
     crafted file.