SUSE-SU-2019:1733-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20191733-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1733-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2019:1733-1
Published
2019-07-03T11:54:57Z
Modified
2019-07-03T11:54:57Z
Summary
Security update for elfutils
Details

This update for elfutils fixes the following issues:

Security issues fixed:

  • CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067).
  • CVE-2016-10254: Fixed a memory allocation failure in allocate_elf (bsc#1030472).
  • CVE-2019-7665: NT_PLATFORM core file note should be a zero-terminated string (bsc#1125007).
  • CVE-2016-10255: Fixed a memory allocation failure in __libelf_set_rawdata_wrlock (bsc#1030476).
  • CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685).
  • CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
  • CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088).
  • CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090).
  • CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
  • CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
  • CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
  • CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723).
  • CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
  • CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
  • CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726).

Affected packages

SUSE:Linux Enterprise Desktop 12 SP3 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP4 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf-devel": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP3 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libelf-devel": "0.158-7.7.2",
            "libdw-devel": "0.158-7.7.2",
            "libasm-devel": "0.158-7.7.2",
            "libebl-devel": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP4 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libdw-devel": "0.158-7.7.2",
            "libasm-devel": "0.158-7.7.2",
            "libebl-devel": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libasm1-32bit": "0.158-7.7.2",
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libasm1-32bit": "0.158-7.7.2",
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libasm1-32bit": "0.158-7.7.2",
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf-devel": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/suse/elfutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.158-7.7.2

Ecosystem specific

{
    "binaries": [
        {
            "libasm1-32bit": "0.158-7.7.2",
            "libdw1-32bit": "0.158-7.7.2",
            "libasm1": "0.158-7.7.2",
            "elfutils": "0.158-7.7.2",
            "libebl1-32bit": "0.158-7.7.2",
            "libelf1": "0.158-7.7.2",
            "libelf-devel": "0.158-7.7.2",
            "libelf1-32bit": "0.158-7.7.2",
            "libdw1": "0.158-7.7.2",
            "libebl1": "0.158-7.7.2"
        }
    ]
}