Advisories » MGASA-2020-0017

Updated libdwarf packages fix security vulnerability

Publication date: 05 Jan 2020
Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14249

Description

Updated libdwarf packages fix security vulnerability:

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers
to cause a denial of service (division by zero) via an ELF file with a
zero-size section group (SHT_GROUP), as demonstrated by dwarfdump
(CVE-2019-14249).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25955
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23RIFYDK2JZDBZP6RPYXPF56HCYYKJDL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14249

SRPMS

7/core

• libdwarf-20191104-1.mga7