SUSE-SU-2019:1486-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20191486-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1486-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2019:1486-1
Related
Published
2019-06-13T07:40:27Z
Modified
2019-06-13T07:40:27Z
Summary
Security update for elfutils
Details

This update for elfutils fixes the following issues:

Security issues fixed:

  • CVE-2017-7607: Fixed a heap-based buffer overflow in handlegnuhash (bsc#1033084)
  • CVE-2017-7608: Fixed a heap-based buffer overflow in eblobjectnotetypename() (bsc#1033085)
  • CVE-2017-7609: Fixed a memory allocation failure in _libelfdecompress (bsc#1033086)
  • CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
  • CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
  • CVE-2017-7612: Fixed a denial of service in checksysvhash() via a crafted ELF file (bsc#1033089)
  • CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
  • CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
  • CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
  • CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
  • CVE-2018-18310: Fixed an invalid address read problem in dwflsegmentreport_module.c (bsc#1111973)
  • CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
  • CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlibaddsymbols() used by eu-ranlib (bsc#1112723)
  • CVE-2019-7150: dwflsegmentreport_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  • CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.168-4.5.3

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.168-4.5.3",
            "libdw1-32bit": "0.168-4.5.3",
            "libasm-devel": "0.168-4.5.3",
            "libasm1": "0.168-4.5.3",
            "elfutils-lang": "0.168-4.5.3",
            "elfutils": "0.168-4.5.3",
            "libelf1": "0.168-4.5.3",
            "libelf-devel": "0.168-4.5.3",
            "libdw-devel": "0.168-4.5.3",
            "libdw1": "0.168-4.5.3",
            "libebl-devel": "0.168-4.5.3",
            "libelf1-32bit": "0.168-4.5.3",
            "libebl-plugins-32bit": "0.168-4.5.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.168-4.5.3

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.168-4.5.3",
            "libdw1-32bit": "0.168-4.5.3",
            "libasm-devel": "0.168-4.5.3",
            "libasm1": "0.168-4.5.3",
            "elfutils-lang": "0.168-4.5.3",
            "elfutils": "0.168-4.5.3",
            "libelf1": "0.168-4.5.3",
            "libelf-devel": "0.168-4.5.3",
            "libdw-devel": "0.168-4.5.3",
            "libdw1": "0.168-4.5.3",
            "libebl-devel": "0.168-4.5.3",
            "libelf1-32bit": "0.168-4.5.3",
            "libebl-plugins-32bit": "0.168-4.5.3"
        }
    ]
}