File _patchinfo of Package patchinfo.8903

<patchinfo incident="8903">
  <issue tracker="cve" id="2017-7607"/>
  <issue tracker="cve" id="2018-18521"/>
  <issue tracker="cve" id="2018-16062"/>
  <issue tracker="cve" id="2019-7665"/>
  <issue tracker="cve" id="2017-7613"/>
  <issue tracker="cve" id="2017-7612"/>
  <issue tracker="cve" id="2017-7611"/>
  <issue tracker="cve" id="2018-18520"/>
  <issue tracker="cve" id="2017-7610"/>
  <issue tracker="cve" id="2018-16403"/>
  <issue tracker="cve" id="2019-7150"/>
  <issue tracker="cve" id="2017-7608"/>
  <issue tracker="cve" id="2018-16402"/>
  <issue tracker="cve" id="2018-18310"/>
  <issue tracker="cve" id="2017-7609"/>
  <issue tracker="bnc" id="1123685">VUL-1: CVE-2019-7150: elfutils: segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to a missing check</issue>
  <issue tracker="bnc" id="1033087">VUL-1: CVE-2017-7610: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1107067">VUL-1: CVE-2018-16403: elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash</issue>
  <issue tracker="bnc" id="1106390">VUL-1: CVE-2018-16062: elfutils: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.</issue>
  <issue tracker="bnc" id="1033084">VUL-1: CVE-2017-7607: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1125007">VUL-1: CVE-2019-7665: elfutils: heap-based buffer over-read in the function elf32_xlatetom in elf32_xlatetom.c</issue>
  <issue tracker="bnc" id="1033086">VUL-1: CVE-2017-7609: elfutils: denial of service (memory consumption) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1112726">VUL-1: CVE-2018-18520: elfutils: An Invalid Memory Address Dereference exists in the function elf_end in libelf</issue>
  <issue tracker="bnc" id="1033090">VUL-1: CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1033089">VUL-1: CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1033088">VUL-1: CVE-2017-7611: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1033085">VUL-1: CVE-2017-7608: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
  <issue tracker="bnc" id="1111973">VUL-1: CVE-2018-18310: elfutils: An invalid memory address dereference in dwfl_segment_report_module.c</issue>
  <issue tracker="bnc" id="1107066">VUL-0: CVE-2018-16402: elfutils: Double-free due to double decompression of sections in crafted ELF causes crash</issue>
  <issue tracker="bnc" id="1112723">VUL-1: CVE-2018-18521: elfutils: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>jmoreira</packager>
  <description>This update for elfutils fixes the following issues:

Security issues fixed:  

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
</description>
  <summary>Security update for elfutils</summary>
</patchinfo>