Red Hat Security Advisory 2015-1769-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Continue reading...
