Security update for elfutils

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1123685
VUL-1: CVE-2019-7150: elfutils: segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to a missing check
bnc#1033087
VUL-1: CVE-2017-7610: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file
bnc#1107067
VUL-1: CVE-2018-16403: elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash
bnc#1106390
VUL-1: CVE-2018-16062: elfutils: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
bnc#1033084
VUL-1: CVE-2017-7607: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file
bnc#1125007
VUL-1: CVE-2019-7665: elfutils: heap-based buffer over-read in the function elf32_xlatetom in elf32_xlatetom.c
bnc#1033086
VUL-1: CVE-2017-7609: elfutils: denial of service (memory consumption) via a crafted ELF file
bnc#1112726
VUL-1: CVE-2018-18520: elfutils: An Invalid Memory Address Dereference exists in the function elf_end in libelf
bnc#1033090
VUL-1: CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file
bnc#1033089
VUL-1: CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file
bnc#1033088
VUL-1: CVE-2017-7611: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file
bnc#1033085
VUL-1: CVE-2017-7608: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file
bnc#1111973
VUL-1: CVE-2018-18310: elfutils: An invalid memory address dereference in dwfl_segment_report_module.c
bnc#1107066
VUL-0: CVE-2018-16402: elfutils: Double-free due to double decompression of sections in crafted ELF causes crash
bnc#1112723
VUL-1: CVE-2018-18521: elfutils: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib