[arch-security] [ASA-201510-1] libunwind: denial of service
Arch Linux Security Advisory ASA-201510-1 ========================================= Severity: Low Date : 2015-10-05 CVE-ID : CVE-2015-3239 Package : libunwind Type : denial of service Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libunwind before version 1.1-3 is vulnerable to denial of service due to an off-by-one error. Resolution ========== Upgrade to 1.1-3. # pacman -Syu "libunwind>=1.1-3" Workaround ========== None. Description =========== - CVE-2015-3239 (Unspecified Impact): Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Impact ====== An attacker could crash the library. References ========== https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3239 https://bugzilla.redhat.com/show_bug.cgi?id=1232265 https://bugs.archlinux.org/task/46474
participants (1)
-
Christian Rebischke