Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1486-1

Опубликовано: 13 июн. 2019
Источник: suse-cvrf

Описание

Security update for elfutils

This update for elfutils fixes the following issues:

Security issues fixed:

  • CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
  • CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
  • CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
  • CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
  • CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
  • CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
  • CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
  • CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
  • CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
  • CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
  • CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
  • CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
  • CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  • CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  • CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

Список пакетов

Container bci/dotnet-aspnet:3.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-runtime:3.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-runtime:5.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-runtime:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-sdk:3.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-sdk:5.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/dotnet-sdk:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/golang:1.16
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/golang:1.17
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/golang:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/node:14
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/nodejs:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/openjdk-devel:11
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/openjdk:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/python:3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container bci/ruby:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/389-ds:1.4.2
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/busybox:1.34.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/caasp-dex:2.16.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/caaspctl-tooling:beta
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cert-exporter:2.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cilium-etcd-operator:2.0.5
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cilium-init:1.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cilium-operator:1.6.6
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cilium:1.6.6
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/cloud-provider-openstack:1.15.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/configmap-reload:0.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/coredns:1.6.7
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/curl:7.60.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/etcd:3.4.13
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/gangway:3.1.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/grafana:7.5.12
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/helm-tiller:2.16.12
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/hyperkube:v1.17.17
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/k8s-sidecar:0.1.75
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/kube-state-metrics:1.9.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/kubernetes-client:1.17.17
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/kucero:1.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/kured:1.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/metrics-server:0.3.6
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/prometheus-alertmanager:0.16.2
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/prometheus-node-exporter:1.1.2
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/prometheus-pushgateway:0.6.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/prometheus-server:2.7.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/rsyslog:8.39.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/skuba-tooling:0.1.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/test-update:beta
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/velero-plugin-for-aws:1.0.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/velero-plugin-for-gcp:1.0.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/velero-restic-restore-helper:1.3.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container caasp/v4/velero:1.3.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/6/cephcsi/cephcsi:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/6/rook/ceph:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/ceph/ceph:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/ceph/grafana:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/ceph/prometheus-alertmanager:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/ceph/prometheus-node-exporter:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/ceph/prometheus-server:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/cephcsi:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-attacher:v2.1.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-attacher:v3.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-livenessprobe:v1.1.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-node-driver-registrar:v1.2.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-node-driver-registrar:v2.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-provisioner:v1.6.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-provisioner:v3.0.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-resizer:v0.4.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-resizer:v1.3.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-snapshotter:v2.1.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-snapshotter:v2.1.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/cephcsi/csi-snapshotter:v4.2.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/prometheus-webhook-snmp:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container ses/7/rook/ceph:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/pcp:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/rmt-mariadb-client:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/rmt-mariadb:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/rmt-nginx:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/rmt-server:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sle-micro/5.0/toolbox:latest
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sle15:15.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sle15:15.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sle15:15.2
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.2/virt-api:0.38.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.2/virt-controller:0.38.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.2/virt-handler:0.38.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.2/virt-launcher:0.38.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.2/virt-operator:0.38.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-apiserver:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-cloner:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-controller:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-importer:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-operator:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-uploadproxy:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/cdi-uploadserver:1.37.1
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/libguestfs-tools:0.45.0
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/virt-api:0.45.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/virt-controller:0.45.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/virt-handler:0.45.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/virt-launcher:0.45.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Container suse/sles/15.3/virt-operator:0.45.0
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-EC2-ECS-HVM
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-EC2-HVM
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-GCE
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-HPC-Azure
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-Micro-BYOS-GCE
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-SAP-Azure
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-SAP-EC2-HVM
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
Image SLES15-SP3-SAP-GCE
elfutils-0.168-4.5.3
libasm1-0.168-4.5.3
libdw1-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libelf1-0.168-4.5.3
SUSE Linux Enterprise Module for Basesystem 15
elfutils-0.168-4.5.3
elfutils-lang-0.168-4.5.3
libasm-devel-0.168-4.5.3
libasm1-0.168-4.5.3
libdw-devel-0.168-4.5.3
libdw1-0.168-4.5.3
libdw1-32bit-0.168-4.5.3
libebl-devel-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libebl-plugins-32bit-0.168-4.5.3
libelf-devel-0.168-4.5.3
libelf1-0.168-4.5.3
libelf1-32bit-0.168-4.5.3
SUSE Linux Enterprise Module for Basesystem 15 SP1
elfutils-0.168-4.5.3
elfutils-lang-0.168-4.5.3
libasm-devel-0.168-4.5.3
libasm1-0.168-4.5.3
libdw-devel-0.168-4.5.3
libdw1-0.168-4.5.3
libdw1-32bit-0.168-4.5.3
libebl-devel-0.168-4.5.3
libebl-plugins-0.168-4.5.3
libebl-plugins-32bit-0.168-4.5.3
libelf-devel-0.168-4.5.3
libelf1-0.168-4.5.3
libelf1-32bit-0.168-4.5.3

Ссылки

Описание

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки

Описание

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

Затронутые продукты
Container bci/dotnet-aspnet:3.1:libdw1-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libebl-plugins-0.168-4.5.3
Container bci/dotnet-aspnet:3.1:libelf1-0.168-4.5.3
Container bci/dotnet-aspnet:5.0:libdw1-0.168-4.5.3
Ссылки
Уязвимость SUSE-SU-2019:1486-1