Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 29 FEDORA-2018-91382c7bd3 Critical: elfutils Memory Fix

fedora
Calendar Grey November 18, 2018
Dist Fedora Esm H88
Ubuntu 19.10 libc6 gets critical patch addressing buffer overflows and error management improvements crucial for reliability.
Add support for ELF version, gnu property and gnu attrbutes notes

Summary

Elfutils is a collection of utilities, including stack (to show

backtraces), nm (for listing symbols from object files), size

(for listing the section sizes of an object or archive file),

strip (for discarding symbols), readelf (to see the raw ELF file

structures), elflint (to check for well-formed ELF files) and

elfcompress (to compress or decompress ELF sections).

Add support for ELF version, gnu property and gnu attrbutes notes. Fix eu-strip

/eu-unstrip section group handling. Fixes CVE-2018-18310, CVE-2018-18520 and

CVE-2018-18521.

* Wed Nov 14 2018 Mark Wielaard - 0.174-5

- Add elfutils-0.174-x86_64_unwind.patch.

- Add elfutils-0.174-gnu-property-note.patch.

- Add elfutils-0.174-version-note.patch.

- Add elfutils-0.174-gnu-attribute-note.patch

* Tue Nov 6 2018 Mark Wielaard - 0.174-4

- Add elfutils-0.174-size-rec-ar.patch

CVE-2018-18520 (#1646478)

- Add elfutils-0.174-ar-sh_entsize-zero.patch

CVE-2018-18521 (#1646483)

* Fri Nov 2 2018 Mark Wielaard - 0.174-3

- Add elfutils-0.174-libdwfl-sanity-check-core-reads.patch

CVE-2018-18310 (#1642605)

* Wed Oct 17 2018 Mark Wielaard - 0.174-2

- Add elfutils-0.174-strip-unstrip-group.patch.

[ 1 ] Bug #1642604 - CVE-2018-18310 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl

https://bugzilla.redhat.com/show_bug.cgi?id=1642604

[ 2 ] Bug #1646477 - CVE-2018-18520 elfutils: Invalid Memory Address Dereference exists in the function elf_end in libelf

https://bugzilla.redhat.com/show_bug.cgi?id=1646477

[ 3 ] Bug #1646482 - CVE-2018-18521 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c

https://bugzilla.redhat.com/show_bug.cgi?id=1646482

su -c 'dnf upgrade --advisory FEDORA-2018-91382c7bd3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update critical Fedora memory issue elfutils

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 0.174
Release: 5.fc29
URL: https://sourceware.org/elfutils/
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data

Topics%20covered

Topics Covered

security advisory update critical Fedora memory issue elfutils

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here