mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-19 21:07:17 +00:00
6a74acb6fb
Fixes the following security issues: CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. For more details, see the announcement: https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html 0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz (no CVEs assigned): https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>