
Fedora 25: FEDORA-2017-5e4fb05a0a Critical: Elfutils Heap Overflow

fedora
May 12, 2017
Latest elfutils update for Fedora 25 introduces multiple bug fixes that tackle potential memory overflows and allocation issues.
New upstream release

Summary

Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections).

New upstream release. Various bug fixes.

[ 1 ] Bug #1441613 - CVE-2017-7607 elfutils: Heap-buffer overflow in the handle_gnu_hash function

https://bugzilla.redhat.com/show_bug.cgi?id=1441613

[ 2 ] Bug #1441624 - CVE-2017-7608 elfutils: Heap-buffer overflow in the ebl_object_note_type_name function

https://bugzilla.redhat.com/show_bug.cgi?id=1441624

[ 3 ] Bug #1441625 - CVE-2017-7609 elfutils: Memory allocation failure in elf_compress.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441625

[ 4 ] Bug #1441626 - CVE-2017-7610 elfutils: Heap-buffer overflow in the check_group function

https://bugzilla.redhat.com/show_bug.cgi?id=1441626

[ 5 ] Bug #1441627 - CVE-2017-7611 elfutils: Heap-buffer overflow in the check_symtab_shndx function

https://bugzilla.redhat.com/show_bug.cgi?id=1441627

[ 6 ] Bug #1441628 - CVE-2017-7612 elfutils: Heap-buffer overflow in the check_sysv_hash function

https://bugzilla.redhat.com/show_bug.cgi?id=1441628

[ 7 ] Bug #1441629 - CVE-2017-7613 elfutils: elflint.c does not validate the number of sections and segments

https://bugzilla.redhat.com/show_bug.cgi?id=1441629

To install this update, run su -c 'dnf upgrade elfutils' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/



Severity: Critical

Product: Fedora 25
Version: 0.169
Release: 1.fc25
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
