aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2018-11-12 23:44:31 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2018-11-13 09:16:58 +0100
commit6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75 (patch)
tree0185846e2bac901028bbaa47452e89db8e7959ba
parent1c32e4c298d02ce7ca3c3551be8c31051dde7801 (diff)
downloadbuildroot-6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75.tar.gz
buildroot-6a74acb6fb6b21a0a5c97cdfc73f0d20a9af2f75.tar.bz2
elfutils: security bump to version 0.174
Fixes the following security issues: CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. For more details, see the announcement: https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html 0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz (no CVEs assigned): https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/elfutils/elfutils.hash4
-rw-r--r--package/elfutils/elfutils.mk2
2 files changed, 3 insertions, 3 deletions
diff --git a/package/elfutils/elfutils.hash b/package/elfutils/elfutils.hash
index dc321e9359..5a76cd5868 100644
--- a/package/elfutils/elfutils.hash
+++ b/package/elfutils/elfutils.hash
@@ -1,5 +1,5 @@
-# From https://sourceware.org/elfutils/ftp/0.171/sha512.sum
-sha512 777be2d63ca9b11440bf358a33428d9ca974e2612a880934156c9f7194af596ed627c1ed2d48dbd47a3761c94913b8f39565f9dcb6b62c92bf229f04c96d5ee3 elfutils-0.171.tar.bz2
+# From https://sourceware.org/elfutils/ftp/0.174/sha512.sum
+sha512 696708309c2a9a076099748809ecdc0490f4a8a842b2efc1aae0d746e7c5a8b203743f5626739eff837216b0c052696516b2821f5d3cc3f2eef86597c96d42df elfutils-0.174.tar.bz2
# Locally calculated
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING-GPLV2
diff --git a/package/elfutils/elfutils.mk b/package/elfutils/elfutils.mk
index 5eaaaeadad..2d62017bba 100644
--- a/package/elfutils/elfutils.mk
+++ b/package/elfutils/elfutils.mk
@@ -4,7 +4,7 @@
#
################################################################################
-ELFUTILS_VERSION = 0.171
+ELFUTILS_VERSION = 0.174
ELFUTILS_SOURCE = elfutils-$(ELFUTILS_VERSION).tar.bz2
ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
ELFUTILS_INSTALL_STAGING = YES