Arch Linux alert ASA-201510-1 (libunwind)

From:
    	       Christian Rebischke <chris.rebischke@gmail.com> 
To:
    	       arch-security@archlinux.org 
Subject:
    	       [arch-security]  [ASA-201510-1] libunwind: denial of service 
Date:
    	       Mon, 5 Oct 2015 16:50:10 +0200
Message-ID:
    	       <20151005145009.GA23620@trudy>
Arch Linux Security Advisory ASA-201510-1
=========================================

Severity: Low
Date    : 2015-10-05
CVE-ID  : CVE-2015-3239
Package : libunwind
Type    : denial of service
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libunwind before version 1.1-3 is vulnerable to denial of service 
due to an off-by-one error.

Resolution
==========

Upgrade to 1.1-3.

# pacman -Syu "libunwind>=1.1-3"

Workaround
==========

None.

Description
===========

- CVE-2015-3239 (Unspecified Impact):

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in
libunwind 1.1 allows local users to have unspecified impact via invalid dwarf
opcodes.

Impact
======

An attacker could crash the library.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015...
https://bugzilla.redhat.com/show_bug.cgi?id=1232265
https://bugs.archlinux.org/task/46474

From:		Christian Rebischke <chris.rebischke@gmail.com>
To:		arch-security@archlinux.org
Subject:		[arch-security] [ASA-201510-1] libunwind: denial of service
Date:		Mon, 5 Oct 2015 16:50:10 +0200
Message-ID:		<20151005145009.GA23620@trudy>