[ubuntu/xenial-security] libiberty 20160215-1ubuntu0.3 (Accepted)

Marc Deslauriers Wed, 08 Apr 2020 07:22:54 -0700

libiberty (20160215-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recusion and add
      --no-recruse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250


Date: 2020-04-01 16:35:14.919379+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/libiberty/20160215-1ubuntu0.3

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] libiberty 20160215-1ubuntu0.3 (Accepted)

Reply via email to