[arch-security] [ASA-201510-1] libunwind: denial of service
Christian Rebischke
chris.rebischke at gmail.com
Mon Oct 5 14:50:10 UTC 2015
Arch Linux Security Advisory ASA-201510-1
=========================================
Severity: Low
Date : 2015-10-05
CVE-ID : CVE-2015-3239
Package : libunwind
Type : denial of service
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libunwind before version 1.1-3 is vulnerable to denial of service
due to an off-by-one error.
Resolution
==========
Upgrade to 1.1-3.
# pacman -Syu "libunwind>=1.1-3"
Workaround
==========
None.
Description
===========
- CVE-2015-3239 (Unspecified Impact):
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in
libunwind 1.1 allows local users to have unspecified impact via invalid dwarf
opcodes.
Impact
======
An attacker could crash the library.
References
==========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3239
https://bugzilla.redhat.com/show_bug.cgi?id=1232265
https://bugs.archlinux.org/task/46474
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151005/a74123b6/attachment.asc>
More information about the arch-security
mailing list