[SECURITY] Fedora 20 Update: elfutils-0.158-3.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Apr 18 15:37:02 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5015
2014-04-14 21:55:40
--------------------------------------------------------------------------------

Name        : elfutils
Product     : Fedora 20
Version     : 0.158
Release     : 3.fc20
URL         : https://fedorahosted.org/elfutils/
Summary     : A collection of utilities and DSOs to handle compiled objects
Description :
Elfutils is a collection of utilities, including ld (a linker),
nm (for listing symbols from object files), size (for listing the
section sizes of an object or archive file), strip (for discarding
symbols), readelf (to see the raw ELF file structures), and elflint
(to check for well-formed ELF files).

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw.
Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 10 2014 Mark Wielaard <mjw at redhat.com> - 0.158-3
- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
* Tue Mar 11 2014 Mark Wielaard <mjw at redhat.com> - 0.158-2
- Add elfutils-0.158-mod-e_type.patch.
* Mon Jan  6 2014 Mark Wielaard <mjw at redhat.com> - 0.158-1
- Update to 0.158. Remove all patches now upstream. Add eu-stack.
* Thu Dec 19 2013 Mark Wielaard <mjw at redhat.com> - 0.157-4
- Add elfutils-0.157-aarch64-got-special-symbol.patch.
- Remove -Werror=format-security from RPM_OPT_FLAGS.
* Fri Dec 13 2013 Petr Machata <pmachata at redhat.com> - 0.157-3
- Add upstream support for aarch64
* Wed Oct  9 2013 Mark Wielaard <mjw at redhat.com> 0.157-2
- Show tests/test-suite.log in build.log when make check fails.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1085663 - CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
        https://bugzilla.redhat.com/show_bug.cgi?id=1085663
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update elfutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list