File _patchinfo of Package patchinfo.8904
<patchinfo incident="8904">
<issue tracker="bnc" id="1107067">VUL-1: CVE-2018-16403: elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash</issue>
<issue tracker="bnc" id="1030472">VUL-1: CVE-2016-10254: elfutils: Memory allocation failure in allocate_elf</issue>
<issue tracker="bnc" id="1125007">VUL-1: CVE-2019-7665: elfutils: heap-based buffer over-read in the function elf32_xlatetom in elf32_xlatetom.c</issue>
<issue tracker="bnc" id="1030476">VUL-1: CVE-2016-10255: elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)</issue>
<issue tracker="bnc" id="1123685">VUL-1: CVE-2019-7150: elfutils: A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to a missing check</issue>
<issue tracker="bnc" id="1106390">VUL-1: CVE-2018-16062: elfutils: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.</issue>
<issue tracker="bnc" id="1033088">VUL-1: CVE-2017-7611: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
<issue tracker="bnc" id="1033090">VUL-1: CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file</issue>
<issue tracker="bnc" id="1033084">VUL-1: CVE-2017-7607: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
<issue tracker="bnc" id="1033085">VUL-1: CVE-2017-7608: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
<issue tracker="bnc" id="1033087">VUL-1: CVE-2017-7610: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
<issue tracker="bnc" id="1112723">VUL-1: CVE-2018-18521: elfutils: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib</issue>
<issue tracker="bnc" id="1033089">VUL-1: CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file</issue>
<issue tracker="bnc" id="1111973">VUL-1: CVE-2018-18310: elfutils: An invalid memory address dereference in dwfl_segment_report_module.c</issue>
<issue tracker="bnc" id="1112726">VUL-1: CVE-2018-18520: elfutils: An Invalid Memory Address Dereference exists in the function elf_end in libelf</issue>
<issue tracker="cve" id="2018-16403"/>
<issue tracker="cve" id="2019-7665"/>
<issue tracker="cve" id="2017-7608"/>
<issue tracker="cve" id="2018-18520"/>
<issue tracker="cve" id="2018-18521"/>
<issue tracker="cve" id="2017-7612"/>
<issue tracker="cve" id="2016-10255"/>
<issue tracker="cve" id="2017-7613"/>
<issue tracker="cve" id="2017-7610"/>
<issue tracker="cve" id="2019-7150"/>
<issue tracker="cve" id="2016-10254"/>
<issue tracker="cve" id="2017-7607"/>
<issue tracker="cve" id="2018-18310"/>
<issue tracker="cve" id="2018-16062"/>
<issue tracker="cve" id="2017-7611"/>
<category>security</category>
<rating>low</rating>
<packager>jmoreira</packager>
<description>This update for elfutils fixes the following issues:
Security issues fixed:
- CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067).
- CVE-2016-10254: Fixed a memory allocation failure in allocate_elf (bsc#1030472).
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007).
- CVE-2016-10255: Fixed a memory allocation failure in __libelf_set_rawdata_wrlock (bsc#1030476).
- CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685).
- CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
- CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088).
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090).
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
- CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723).
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
- CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726).
</description>
<summary>Security update for elfutils</summary>
</patchinfo>