--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-f36c5935e5
2016-05-12 16:12:04.939153
--------------------------------------------------------------------------------
Name : libdwarf
Product : Fedora 24
Version : 20160507
Release : 1.fc24
URL :
http://www.prevanders.net/dwarf.html
Summary : Library to access the DWARF Debugging file format
Description :
Library to access the DWARF debugging file format which supports
source level debugging of a number of procedural languages, such as C, C++,
and Fortran. Please see
http://www.dwarfstd.org for DWARF specification.
--------------------------------------------------------------------------------
Update Information:
Update to 20160507 release - fixes many outstanding crash bugs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1299966 - CVE-2016-2091 libdwarf: Out-of-bounds read in dwarf_frame2.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1299966
[ 2 ] Bug #1300332 - CVE-2016-2050 libdwarf: Out-of-bounds write in
get_abbrev_array_info [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300332
[ 3 ] Bug #1334068 - libdwarf-20160507 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334068
[ 4 ] Bug #1332149 - Null dereference bug in READ_AREA_LENGTH()
https://bugzilla.redhat.com/show_bug.cgi?id=1332149
[ 5 ] Bug #1332148 - Null dereference bug in _dwarf_file_name_is_full_path()
https://bugzilla.redhat.com/show_bug.cgi?id=1332148
[ 6 ] Bug #1332145 - A approximate infinite loop bugs in dwarf_get_aranges_list()
https://bugzilla.redhat.com/show_bug.cgi?id=1332145
[ 7 ] Bug #1332144 - Out of bound read bug in dwarf_dealloc()
https://bugzilla.redhat.com/show_bug.cgi?id=1332144
[ 8 ] Bug #1332141 - Heap Overflow bug in update_entry().
https://bugzilla.redhat.com/show_bug.cgi?id=1332141
[ 9 ] Bug #1330237 - NULL dereference bug in _dwarf_decode_s_leb128
https://bugzilla.redhat.com/show_bug.cgi?id=1330237
[ 10 ] Bug #1316695 - libdwarf not checking whether error is null before attempting to
use it for dwarf_srcfiles
https://bugzilla.redhat.com/show_bug.cgi?id=1316695
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libdwarf' at the command line.
For more information, refer to "Managing Software with yum",
available at
https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------