SUSE-SU-2019:1486-1 -- SLES elfutils, libasm-devel, libasm1, libdw-devel, libdw1, libebl-devel, libebl-plugins, libelf-devel, libelf1ID: oval:org.secpod.oval:def:89050538 | Date: (C)2023-10-16 (M)2023-10-15 |
Class: PATCH | Family: unix |
This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group - CVE-2017-7611: Fixed a denial of service via a crafted ELF file - CVE-2017-7612: Fixed a denial of service in check_sysv_hash via a crafted ELF file - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice - CVE-2018-16403: Fixed a heap buffer overflow in readelf - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c - CVE-2018-18520: Fixed bad handling of ar files inside are files - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols used by eu-ranlib - CVE-2019-7150: dwfl_segment_report_module doesn"t check whether the dyn data read from core file is truncated - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
elfutils |
libasm-devel |
libasm1 |
libdw-devel |
libdw1 |
libebl-devel |
libebl-plugins |
libelf-devel |
libelf1 |