[SECURITY] Fedora 19 Update: elfutils-0.158-3.fc19

updates at fedoraproject.org updates at fedoraproject.org
Wed Apr 30 04:06:47 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5031
2014-04-14 21:56:21
--------------------------------------------------------------------------------

Name        : elfutils
Product     : Fedora 19
Version     : 0.158
Release     : 3.fc19
URL         : https://fedorahosted.org/elfutils/
Summary     : A collection of utilities and DSOs to handle compiled objects
Description :
Elfutils is a collection of utilities, including ld (a linker),
nm (for listing symbols from object files), size (for listing the
section sizes of an object or archive file), strip (for discarding
symbols), readelf (to see the raw ELF file structures), and elflint
(to check for well-formed ELF files).

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw.
Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 10 2014 Mark Wielaard <mjw at redhat.com> - 0.158-3
- Add elfutils-0.158-CVE-2014-0172.patch (#1085729)
* Tue Mar 11 2014 Mark Wielaard <mjw at redhat.com> - 0.158-2
- Add elfutils-0.158-mod-e_type.patch.
* Mon Jan  6 2014 Mark Wielaard <mjw at redhat.com> - 0.158-1
- Update to 0.158. Remove all patches now upstream. Add eu-stack.
* Thu Dec 19 2013 Mark Wielaard <mjw at redhat.com> - 0.157-4
- Add elfutils-0.157-aarch64-got-special-symbol.patch.
- Remove -Werror=format-security from RPM_OPT_FLAGS.
* Fri Dec 13 2013 Petr Machata <pmachata at redhat.com> - 0.157-3
- Add upstream support for aarch64
* Wed Oct  9 2013 Mark Wielaard <mjw at redhat.com> 0.157-2
- Show tests/test-suite.log in build.log when make check fails.
* Mon Sep 30 2013 Mark Wielaard <mjw at redhat.com> 0.157-1
- Update to 0.157.
- Remove elfutils-0.156-abi_cfi-ppc-s390-arm.patch.
- Remove elfutils-0.156-et_dyn-kernels.patch.
* Fri Sep  6 2013 Mark Wielaard <mjw at redhat.com> 0.156-5
- Add elfutils-0.156-abi_cfi-ppc-s390-arm.patch.
  Sets up initial CFI return register, CFA location expression and
  register rules for PPC, S390 and ARM (dwarf_cfi_addrframe support).
* Mon Aug 26 2013 Mark Wielaard <mjw at redhat.com> 0.156-4
- Add elfutils-0.156-et_dyn-kernels.patch.
  Fixes an issue on ppc64 with systemtap kernel address placement.
* Thu Aug  8 2013 Mark Wielaard <mjw at redhat.com> 0.156-3
- Make check can now also be ran in parallel.
* Thu Jul 25 2013 Jan Kratochvil <jan.kratochvil at redhat.com> 0.156-2
- Update the %configure command for compatibility with fc20 Koji.
* Thu Jul 25 2013 Jan Kratochvil <jan.kratochvil at redhat.com> 0.156-1
- Update to 0.156.
  - #890447 - Add __bss_start and __TMC_END__ to elflint.
  - #909481 - Only try opening files with installed compression libraries.
  - #914908 - Add __bss_start__ to elflint.
  - #853757 - Updated Polish translation.
  - #985438 - Incorrect prototype of __libdwfl_find_elf_build_id.
  - Drop upstreamed elfutils-0.155-binutils-pr-ld-13621.patch.
  - Drop upstreamed elfutils-0.155-mem-align.patch.
  - Drop upstreamed elfutils-0.155-sizeof-pointer-memaccess.patch.
* Tue Jul  2 2013 Karsten Hopp <karsten at redhat.com> 0.155-6
- bump release and rebuild to fix dependencies on PPC
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1085663 - CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
        https://bugzilla.redhat.com/show_bug.cgi?id=1085663
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update elfutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list