Описание
Security update for elfutils
This update for elfutils fixes the following issues:
Security issues fixed:
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
- CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1590-1
- SUSE Security Ratings
- SUSE Bug 1033084
- SUSE Bug 1033085
- SUSE Bug 1033086
- SUSE Bug 1033087
- SUSE Bug 1033088
- SUSE Bug 1033089
- SUSE Bug 1033090
- SUSE Bug 1106390
- SUSE Bug 1107066
- SUSE Bug 1107067
- SUSE Bug 1111973
- SUSE Bug 1112723
- SUSE Bug 1112726
- SUSE Bug 1123685
- SUSE Bug 1125007
- SUSE CVE CVE-2017-7607 page
- SUSE CVE CVE-2017-7608 page
- SUSE CVE CVE-2017-7609 page
Описание
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7607
- SUSE Bug 1033084
Описание
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7608
- SUSE Bug 1033085
Описание
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7609
- SUSE Bug 1033086
Описание
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7610
- SUSE Bug 1033087
Описание
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7611
- SUSE Bug 1033088
Описание
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7612
- SUSE Bug 1033089
Описание
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2017-7613
- SUSE Bug 1033090
Описание
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2018-16062
- SUSE Bug 1106390
Описание
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Затронутые продукты
Ссылки
- CVE-2018-16402
- SUSE Bug 1107066
Описание
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
Затронутые продукты
Ссылки
- CVE-2018-16403
- SUSE Bug 1107067
Описание
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
Затронутые продукты
Ссылки
- CVE-2018-18310
- SUSE Bug 1111973
Описание
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2018-18520
- SUSE Bug 1112726
Описание
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
Затронутые продукты
Ссылки
- CVE-2018-18521
- SUSE Bug 1112723
Описание
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
Затронутые продукты
Ссылки
- CVE-2019-7150
- SUSE Bug 1123685
Описание
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
Затронутые продукты
Ссылки
- CVE-2019-7665
- SUSE Bug 1125007