Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Mageia: 2019-0222 Moderate: Elfutils Denial Of Service Issues

mageia
Calendar Grey August 18, 2019
Dist Mageia Esm H88
The latest updates to the Elfutils packages aim to resolve multiple security vulnerabilities that could lead to denial of service, as detailed in advisory MGASA-2019-0222.
It was discovered that elfutils incorrectly handled certain malformed files

Summary

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665).
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash) (CVE-2019-7664).

References

- https://bugs.mageia.org/show_bug.cgi?id=23160

- https://ubuntu.com/security/notices/USN-3670-1

- https://ubuntu.com/security/notices/USN-4012-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN/

- https://www.cve.org/CVERecord?id=CVE-2017-7607

- https://www.cve.org/CVERecord?id=CVE-2017-7608

- https://www.cve.org/CVERecord?id=CVE-2017-7609

- https://www.cve.org/CVERecord?id=CVE-2017-7610

- https://www.cve.org/CVERecord?id=CVE-2017-7611

- https://www.cve.org/CVERecord?id=CVE-2017-7612

- https://www.cve.org/CVERecord?id=CVE-2017-7613

- https://www.cve.org/CVERecord?id=CVE-2018-16062

- https://www.cve.org/CVERecord?id=CVE-2018-16402

- https://www.cve.org/CVERecord?id=CVE-2018-16403

- https://www.cve.org/CVERecord?id=CVE-2018-18310

- https://www.cve.org/CVERecord?id=CVE-2018-18520

- https://www.cve.org/CVERecord?id=CVE-2018-18521

- https://www.cve.org/CVERecord?id=CVE-2019-7149

- https://www.cve.org/CVERecord?id=CVE-2019-7150

- https://www.cve.org/CVERecord?id=CVE-2019-7664

- https://www.cve.org/CVERecord?id=CVE-2019-7665

Resolution

SRPMS

- 6/core/elfutils-0.176-1.mga6

Publication date: 18 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0222.html
Type: security
CVE: CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.