Source: elfutils Version: 0.170-0.5 Severity: normal Tags: patch security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 Control: found -1 0.168-1
Hi, The following vulnerability was published for elfutils. CVE-2018-16062[0]: | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before | 2018-08-18 allows remote attackers to cause a denial of service | (heap-based buffer over-read) via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062 [1] https://sourceware.org/bugzilla/show_bug.cgi?id=23541 [2] https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 Please adjust the affected versions in the BTS as needed. Regards, Salvatore