==========================================================================
Ubuntu Security Notice USN-2188-1
April 30, 2014

elfutils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10

Summary:

elfutils could be made to crash or run programs if it processed a specially
crafted file.

Software Description:
– elfutils: collection of utilities to handle ELF objects

Details:

Florian Weimer discovered that the elfutils libdw library incorrectly
handled malformed compressed debug sections in ELF files. If a user or
automated system were tricked into processing a specially crafted ELF file,
applications linked against libdw could be made to crash, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libdw1 0.158-0ubuntu5.1

Ubuntu 13.10:
libdw1 0.157-1ubuntu1.1

Ubuntu 12.10:
libdw1 0.153-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2188-1
CVE-2014-0172

Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.1
https://launchpad.net/ubuntu/+source/elfutils/0.157-1ubuntu1.1
https://launchpad.net/ubuntu/+source/elfutils/0.153-1ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTYRB1AAoJEGVp2FWnRL6TK14P/2OI62O+Bz2+d74nyXLhrcyj
neJRhmKXwfQCq7ksM8DvqmXHLGwzFqUt0V10J4sCR3nkhX4yaShCspR2pJf+hrQp
CrzEKstQQ+yCB2BKyREb4YgeI40jL8uM6mtBr6d1OiHih3ZLI394cog37UxqrNPG
zrq1tTx0aLs1BEhHc0WWgFD2bykjpdQaABy0kE+/hBVkKWM4tsV+R6PaZNlitSt1
qAE1v16Z0rHJyrpLK+l0JHSxBOLOM0/8SRs9vFFCpwYkbLN0FIcO5QgJLjBmIyOc
dWXvFLvTmSa/fxuLORsQtHGwBopM9im01eGn306ZvtpQxlUTUcojIofYE/0aQ3zY
HrLTHSd5gaUGBfSZzlJXGybHNAbD0XSpKnD8cBB2KAma3vtIvlDhv/EFgqkXrrwc
Dhlvcf+w2nTvOexYzTTl3Z/bpe6hIDzmKuwwCH88sKX5+m5MSVmL0FqvEqqsfe7c
rJ9AilSh97syeqKsP7zZXauckJh9MWfdvCma6bAxuQCVQcftBdUos8fRO/R1ItXR
SF0kMSNvOdlaJSPgpFXvUBE75IqYFEFjomtsc81rMVhJ68KMXhwbPsHNDK9EFkMJ
peGb8w9bDUIvgsecwNQSv4SRo2I3nZNqfmKbapIwFlWR1miLcrs0pdfQvB+AieQ6
+i5XCnpL8FJteXeZKs4w
=NMa1
—–END PGP SIGNATURE—–
—