It looks like the older version that we are shipping Debian is not affected by this CVE, running dwarfdump on the "odd elf" file under valgrind does not report any read after free errors:
user@host:~$ valgrind /usr/bin/dwarfdump ~/dlf/x/a.out ==19388== Memcheck, a memory error detector ==19388== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==19388== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==19388== Command: /usr/bin/dwarfdump /home/troyhebe/dlf/x/a.out ==19388== /usr/bin/dwarfdump ERROR: dwarf_elf_init: DW_DLE_ELF_STRPTR_ERROR 30 a call to elf_strptr() failed trying to get a section name (30) CU Name = CU Producer = DIE OFF = 0x00000000 GOFF = 0x00000000, Low PC = 0x00000000, High PC = 0x00000000 ==19388== ==19388== HEAP SUMMARY: ==19388== in use at exit: 8,453 bytes in 10 blocks ==19388== total heap usage: 110 allocs, 100 frees, 19,743 bytes allocated ==19388== ==19388== LEAK SUMMARY: ==19388== definitely lost: 0 bytes in 0 blocks ==19388== indirectly lost: 0 bytes in 0 blocks ==19388== possibly lost: 120 bytes in 3 blocks ==19388== still reachable: 8,333 bytes in 7 blocks ==19388== suppressed: 0 bytes in 0 blocks ==19388== Rerun with --leak-check=full to see details of leaked memory ==19388== ==19388== For counts of detected and suppressed errors, rerun with: -v ==19388== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Troy
signature.asc
Description: Digital signature
