SUSE-SU-2022:2614-2

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222614-2/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2614-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:2614-2
Related
Published
2022-08-01T08:41:26Z
Modified
2022-08-01T08:41:26Z
Summary
Security update for dwarves and elfutils
Details

This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):

  • elfclassify: New tool to analyze ELF objects.
  • readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes.
  • libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
  • libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
  • backends: Add support for C-SKY.

Update to version 0.176:

  • build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h).
  • backends: riscv improved core file and return value location support.
  • Fixes:
    • CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
    • CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

  • readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes.
  • strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections.
  • libdwelf: New function dwelf_elf_begin.
  • libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND.
    • CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
    • CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
    • CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)

Update to version 0.174:

  • libelf, libdw and all tools now handle extended shnum and shstrndx correctly.

  • elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite.

  • strip: Handle mixed (out of order) allocated/non-allocated sections.
  • unstrip: Handle SHT_GROUP sections.
  • backends: RISCV and M68K now have backend implementations to generate CFI based backtraces.
  • Fixes:
    • CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
    • CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
    • CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

  • More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles.
  • readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded).
  • libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented.
  • backends: Handle BPF simple relocations. The RISCV backend now handles ABI specific CFI and knows about RISCV register types and names.

Update to version 0.172:

  • Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

  • DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation, dwarf_getsrclines, dwarf_ranges, dwarf_form, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die).
  • Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section is currently handled.
  • readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc.
  • libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays.
  • libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend.

    There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

  • libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections.
  • strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
  • backends: The bpf disassembler is now always built on all platforms.

Update to version 0.169:

  • backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64.
  • translations: Update Polish translation.
    • CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
    • CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
    • CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
    • CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash (readelf.c) (bsc#1033084)
    • CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
    • CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
    • CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
  • Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

References

Affected packages

openSUSE:Leap Micro 5.2 / dwarves

Package

Name
dwarves
Purl
pkg:rpm/opensuse/dwarves&distro=openSUSE%20Leap%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.22-150300.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.177-150300.11.3.1",
            "libasm1": "0.177-150300.11.3.1",
            "libdwarves1": "1.22-150300.7.3.1",
            "elfutils": "0.177-150300.11.3.1",
            "libdwarves-devel": "1.22-150300.7.3.1",
            "libelf1": "0.177-150300.11.3.1",
            "dwarves": "1.22-150300.7.3.1",
            "libdw1": "0.177-150300.11.3.1"
        }
    ]
}

openSUSE:Leap Micro 5.2 / elfutils

Package

Name
elfutils
Purl
pkg:rpm/opensuse/elfutils&distro=openSUSE%20Leap%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.177-150300.11.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libebl-plugins": "0.177-150300.11.3.1",
            "libasm1": "0.177-150300.11.3.1",
            "libdwarves1": "1.22-150300.7.3.1",
            "elfutils": "0.177-150300.11.3.1",
            "libdwarves-devel": "1.22-150300.7.3.1",
            "libelf1": "0.177-150300.11.3.1",
            "dwarves": "1.22-150300.7.3.1",
            "libdw1": "0.177-150300.11.3.1"
        }
    ]
}