Your message dated Tue, 19 May 2026 03:04:16 +0000
with message-id <[email protected]>
and subject line Bug#1135619: fixed in dtrace 2.0.7-1
has caused the Debian Bug report #1135619,
regarding dtrace: CVE-2026-35233
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135619
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dtrace
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for dtrace.
CVE-2026-35233[0]:
| An unprivileged attacker can craft a user-space process with a
| malicious ELF binary containing an out-of-range sh_link field. When
| root-level dtrace attaches to -- or instruments -- that process (via
| dtrace -p , pid probes, or USDT), the ELF parser reads heap memory
| beyond the allocated section cache array without any bounds check.
| This results in an uninitialized/out-of-bounds heap read that can
| cause a NULL pointer dereference crash of the dtrace process (DoS),
| or -- depending on heap layout -- a read-then-use of a garbage
| pointer controlled by adjacent allocations, providing a foothold
| toward further exploitation in a privileged context.
https://linux.oracle.com/cve/CVE-2026-35233.html
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-35233
https://www.cve.org/CVERecord?id=CVE-2026-35233
Please adjust the affected versions in the BTS as needed.
--- End Message ---
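The missing bounds check that CVE-2026-35233 describes, shown as an added example that is not part of the bug report or the dtrace source: a section cache sized from e_shnum, with sh_link range-checked before it is used as an index. The names sec_cache_t, cache_build, cache_link and make_sample are hypothetical, and the sample ELF image is constructed in the code.

```c
/* Added illustration, not dtrace source; every name below is hypothetical.
 * Assumes a native-endian ELF64 image and no extended section numbering. */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { Elf64_Shdr hdr; } sec_cache_t;      /* one slot per section */

/* Copy the section header table into a cache; NULL if the image is malformed. */
sec_cache_t *cache_build(const unsigned char *img, size_t len, size_t *nsec) {
    Elf64_Ehdr eh;
    if (len < sizeof eh) return NULL;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shnum == 0) return NULL;
    /* The whole table must lie inside the image (overflow-safe form). */
    if (eh.e_shoff > len || (len - eh.e_shoff) / sizeof(Elf64_Shdr) < eh.e_shnum) return NULL;
    sec_cache_t *c = calloc(eh.e_shnum, sizeof *c);
    if (c == NULL) return NULL;
    for (size_t i = 0; i < eh.e_shnum; i++)
        memcpy(&c[i].hdr, img + eh.e_shoff + i * sizeof(Elf64_Shdr), sizeof(Elf64_Shdr));
    *nsec = eh.e_shnum;
    return c;
}

/* Follow sh_link from section idx; NULL instead of indexing past the array. */
const sec_cache_t *cache_link(const sec_cache_t *c, size_t nsec, size_t idx) {
    if (idx >= nsec) return NULL;
    Elf64_Word link = c[idx].hdr.sh_link;            /* file-controlled value */
    if (link >= nsec) return NULL;                   /* range check before use */
    return &c[link];
}

/* Constructed sample: ELF header plus two section headers, section 1 -> link. */
size_t make_sample(unsigned char *buf, Elf64_Word link) {
    Elf64_Ehdr eh = {{0}};
    Elf64_Shdr sh[2] = {{0}};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_shoff = sizeof eh; eh.e_shentsize = sizeof sh[0]; eh.e_shnum = 2;
    sh[1].sh_type = SHT_SYMTAB; sh[1].sh_link = link;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, sh, sizeof sh);
    return sizeof eh + sizeof sh;
}

int main(void) {
    unsigned char buf[256]; size_t nsec = 0;
    sec_cache_t *c = cache_build(buf, make_sample(buf, 0xffff), &nsec);
    printf("sh_link=0xffff resolves: %s\n", c && cache_link(c, nsec, 1) ? "yes" : "no (rejected)");
    free(c); return 0;
}
```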
--- Begin Message ---
Source: dtrace
Source-Version: 2.0.7-1
Done: Kris Van Hees <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dtrace, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kris Van Hees <[email protected]> (supplier of updated dtrace package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 May 2026 17:55:24 -0400
Source: dtrace
Architecture: source
Version: 2.0.7-1
Distribution: unstable
Urgency: medium
Maintainer: Kris Van Hees <[email protected]>
Changed-By: Kris Van Hees <[email protected]>
Closes: 1135619
Changes:
dtrace (2.0.7-1) unstable; urgency=medium
.
* Fix CVE-2026-21996: divide-by-zero if section header data corrupted.
* Fix CVE-2026-35233: OOB memory access. (Closes: #1135619)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---