MGASA-2020-0017 - Updated libdwarf packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0017.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14249

Updated libdwarf packages fix security vulnerability:

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackersto cause a denial of service (division by zero) via an ELF file with a
zero-size section group (SHT_GROUP), as demonstrated by dwarfdump
(CVE-2019-14249).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25955
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23RIFYDK2JZDBZP6RPYXPF56HCYYKJDL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14249

SRPMS:
- 7/core/libdwarf-20191104-1.mga7

Mageia 2020-0017: libdwarf security update

Updated libdwarf packages fix security vulnerability: dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via a...

Summary

Updated libdwarf packages fix security vulnerability:
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackersto cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump (CVE-2019-14249).

References

- https://bugs.mageia.org/show_bug.cgi?id=25955

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23RIFYDK2JZDBZP6RPYXPF56HCYYKJDL/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14249

Resolution

MGASA-2020-0017 - Updated libdwarf packages fix security vulnerability

SRPMS

- 7/core/libdwarf-20191104-1.mga7

Severity
Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0017.html
Type: security
CVE: CVE-2019-14249

Related News