ArchLinux: 201903-9: libelf: denial of service

    Date20 Mar 2019
    CategoryArchLinux
    371
    Posted ByLinuxSecurity Advisories
    The package libelf before version 0.176-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201903-9
    =========================================
    
    Severity: Medium
    Date    : 2019-03-18
    CVE-ID  : CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
              CVE-2019-7665
    Package : libelf
    Type    : denial of service
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-863
    
    Summary
    =======
    
    The package libelf before version 0.176-1 is vulnerable to denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 0.176-1.
    
    # pacman -Syu "libelf>=0.176-1"
    
    The problems have been fixed upstream in version 0.176.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-7148 (denial of service)
    
    An attempted excessive memory allocation was discovered in the function
    read_long_names in elf_begin.c in libelf in elfutils <= 0.175. Remote
    attackers could leverage this vulnerability to cause a denial-of-
    service via crafted elf input, which leads to an out-of-memory
    exception.
    
    - CVE-2019-7149 (denial of service)
    
    A heap-based buffer over-read was discovered in the function
    read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A
    crafted input can cause segmentation faults, leading to denial-of-
    service.
    
    - CVE-2019-7150 (denial of service)
    
    An issue was discovered in elfutils 0.175. A segmentation fault can
    occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to
    dwfl_segment_report_module not checking whether the dyn data read from
    a core file is truncated. A crafted input can cause a program crash,
    leading to denial-of-service.
    
    - CVE-2019-7664 (denial of service)
    
    In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note
    in libelf/note_xlate.h because of an incorrect overflow check. Crafted
    elf input causes a segmentation fault, leading to denial of service
    (program crash).
    
    - CVE-2019-7665 (denial of service)
    
    In elfutils 0.175, a heap-based buffer over-read was discovered in the
    function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF
    input can cause a segmentation fault leading to denial of service
    (program crash) because ebl_core_note does not reject malformed core
    file notes.
    
    Impact
    ======
    
    A remote attacker is able to crash a program that uses libelf by
    providing it with a crafted ELF file.
    
    References
    ==========
    
    https://sourceware.org/bugzilla/show_bug.cgi?id=24085
    https://sourceware.org/bugzilla/show_bug.cgi?id=24102
    https://sourceware.org/bugzilla/show_bug.cgi?id=24103
    https://sourceware.org/bugzilla/show_bug.cgi?id=24084
    https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
    https://sourceware.org/bugzilla/show_bug.cgi?id=24089
    https://security.archlinux.org/CVE-2019-7148
    https://security.archlinux.org/CVE-2019-7149
    https://security.archlinux.org/CVE-2019-7150
    https://security.archlinux.org/CVE-2019-7664
    https://security.archlinux.org/CVE-2019-7665
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.