[SECURITY] Fedora 24 Update: libdwarf-20160507-1.fc24

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-f36c5935e5 2016-05-12 16:12:04.939153 -------------------------------------------------------------------------------- Name : libdwarf Product : Fedora 24 Version : 20160507 Release : 1.fc24 URL : http://www.prevanders.net/dwarf.html Summary : Library to access the DWARF Debugging file format Description : Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification. -------------------------------------------------------------------------------- Update Information: Update to 20160507 release - fixes many outstanding crash bugs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1299966 - CVE-2016-2091 libdwarf: Out-of-bounds read in dwarf_frame2.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1299966 [ 2 ] Bug #1300332 - CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300332 [ 3 ] Bug #1334068 - libdwarf-20160507 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334068 [ 4 ] Bug #1332149 - Null dereference bug in READ_AREA_LENGTH() https://bugzilla.redhat.com/show_bug.cgi?id=1332149 [ 5 ] Bug #1332148 - Null dereference bug in _dwarf_file_name_is_full_path() https://bugzilla.redhat.com/show_bug.cgi?id=1332148 [ 6 ] Bug #1332145 - A approximate infinite loop bugs in dwarf_get_aranges_list() https://bugzilla.redhat.com/show_bug.cgi?id=1332145 [ 7 ] Bug #1332144 - Out of bound read bug in dwarf_dealloc() https://bugzilla.redhat.com/show_bug.cgi?id=1332144 [ 8 ] Bug #1332141 - Heap Overflow bug in update_entry(). https://bugzilla.redhat.com/show_bug.cgi?id=1332141 [ 9 ] Bug #1330237 - NULL dereference bug in _dwarf_decode_s_leb128 https://bugzilla.redhat.com/show_bug.cgi?id=1330237 [ 10 ] Bug #1316695 - libdwarf not checking whether error is null before attempting to use it for dwarf_srcfiles https://bugzilla.redhat.com/show_bug.cgi?id=1316695 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libdwarf' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------