SUSE-SU-2019:1486-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2019/suse-su-20191486-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1486-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2019:1486-1

Related

Published

2019-06-13T07:40:27Z

Modified

2019-06-13T07:40:27Z

Summary

Security update for elfutils

Details

This update for elfutils fixes the following issues:

Security issues fixed:

CVE-2017-7607: Fixed a heap-based buffer overflow in handlegnuhash (bsc#1033084)
CVE-2017-7608: Fixed a heap-based buffer overflow in eblobjectnotetypename() (bsc#1033085)
CVE-2017-7609: Fixed a memory allocation failure in _libelfdecompress (bsc#1033086)
CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
CVE-2017-7612: Fixed a denial of service in checksysvhash() via a crafted ELF file (bsc#1033089)
CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
CVE-2018-18310: Fixed an invalid address read problem in dwflsegmentreport_module.c (bsc#1111973)
CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlibaddsymbols() used by eu-ranlib (bsc#1112723)
CVE-2019-7150: dwflsegmentreport_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / elfutils

Package

Name: elfutils
Purl: pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.168-4.5.3

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.168-4.5.3",
            "libdw1-32bit": "0.168-4.5.3",
            "libasm-devel": "0.168-4.5.3",
            "libasm1": "0.168-4.5.3",
            "elfutils-lang": "0.168-4.5.3",
            "elfutils": "0.168-4.5.3",
            "libelf1": "0.168-4.5.3",
            "libelf-devel": "0.168-4.5.3",
            "libdw-devel": "0.168-4.5.3",
            "libdw1": "0.168-4.5.3",
            "libebl-devel": "0.168-4.5.3",
            "libelf1-32bit": "0.168-4.5.3",
            "libebl-plugins-32bit": "0.168-4.5.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / elfutils

Package

Name: elfutils
Purl: pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.168-4.5.3

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.168-4.5.3",
            "libdw1-32bit": "0.168-4.5.3",
            "libasm-devel": "0.168-4.5.3",
            "libasm1": "0.168-4.5.3",
            "elfutils-lang": "0.168-4.5.3",
            "elfutils": "0.168-4.5.3",
            "libelf1": "0.168-4.5.3",
            "libelf-devel": "0.168-4.5.3",
            "libdw-devel": "0.168-4.5.3",
            "libdw1": "0.168-4.5.3",
            "libebl-devel": "0.168-4.5.3",
            "libelf1-32bit": "0.168-4.5.3",
            "libebl-plugins-32bit": "0.168-4.5.3"
        }
    ]
}