PublicDateAtUSN: 2014-04-11
Candidate: CVE-2014-0172
PublicDate: 2014-04-11 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172
 https://ubuntu.com/security/notices/USN-2188-1
Description:
 Integer overflow in the check_section function in dwarf_begin_elf.c in the
 libdw library, as used in elfutils 0.153 and possibly through 0.158 allows
 remote attackers to cause a denial of service (application crash) or
 possibly execute arbitrary code via a malformed compressed debug section in
 an ELF file, which triggers a heap-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744017
 https://bugzilla.redhat.com/show_bug.cgi?id=1085663
Priority: medium
Discovered-by: Florian Weimer
Assigned-to: mdeslaur
CVSS: 

Patches_elfutils:
 upstream: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=7f1eec317db79627b473c5b149a22a1b20d1f68f
upstream_elfutils: needs-triage
lucid_elfutils: not-affected (code not present)
precise_elfutils: not-affected (code not present)
quantal_elfutils: released (0.153-1ubuntu1.1)
saucy_elfutils: released (0.157-1ubuntu1.1)
trusty_elfutils: released (0.158-0ubuntu5.1)
trusty/esm_elfutils: released (0.158-0ubuntu5.1)
devel_elfutils: released (0.158-0ubuntu5.1)