openSUSE: 2019:1590-1: moderate: elfutils

    Date: 19 Jun 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 15 vulnerabilities is now available.
       openSUSE Security Update: Security update for elfutils
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1590-1
    Rating:             moderate
    References:         #1033084 #1033085 #1033086 #1033087 #1033088 
                        #1033089 #1033090 #1106390 #1107066 #1107067 
                        #1111973 #1112723 #1112726 #1123685 #1125007 
                        
    Cross-References:   CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
                        CVE-2017-7613 CVE-2018-16062 CVE-2018-16402
                        CVE-2018-16403 CVE-2018-18310 CVE-2018-18520
                        CVE-2018-18521 CVE-2019-7150 CVE-2019-7665
                       
    Affected Products:
                        openSUSE Leap 15.1
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
    Description:
    
       This update for elfutils fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash
         (bsc#1033084)
       - CVE-2017-7608: Fixed a heap-based buffer overflow in
         ebl_object_note_type_name() (bsc#1033085)
       - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress
         (bsc#1033086)
       - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group
         (bsc#1033087)
       - CVE-2017-7611: Fixed a denial of service via a crafted ELF file
         (bsc#1033088)
       - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a
         crafted ELF file (bsc#1033089)
       - CVE-2017-7613: Fixed denial of service caused by the missing validation
         of the number of sections and the number of segments in a crafted ELF
         file (bsc#1033090)
       - CVE-2018-16062: Fixed a heap-buffer overflow in
         /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
       - CVE-2018-16402: Fixed a denial of service/double free on an attempt to
         decompress the same section twice (bsc#1107066)
       - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
       - CVE-2018-18310: Fixed an invalid address read problem in
         dwfl_segment_report_module.c (bsc#1111973)
       - CVE-2018-18520: Fixed bad handling of ar files inside ar files
         (bsc#1112726)
       - CVE-2018-18521: Fixed denial of service vulnerabilities in the
         function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
       - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn
         data read from core file is truncated (bsc#1123685)
       - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated
         string (bsc#1125007)
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-1590=1
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-1590=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          elfutils-0.168-lp151.4.3.1
          elfutils-debuginfo-0.168-lp151.4.3.1
          elfutils-debugsource-0.168-lp151.4.3.1
          libasm-devel-0.168-lp151.4.3.1
          libasm1-0.168-lp151.4.3.1
          libasm1-debuginfo-0.168-lp151.4.3.1
          libdw-devel-0.168-lp151.4.3.1
          libdw1-0.168-lp151.4.3.1
          libdw1-debuginfo-0.168-lp151.4.3.1
          libebl-devel-0.168-lp151.4.3.1
          libebl-plugins-0.168-lp151.4.3.1
          libebl-plugins-debuginfo-0.168-lp151.4.3.1
          libelf-devel-0.168-lp151.4.3.1
          libelf1-0.168-lp151.4.3.1
          libelf1-debuginfo-0.168-lp151.4.3.1
    
       - openSUSE Leap 15.1 (noarch):
    
          elfutils-lang-0.168-lp151.4.3.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          libasm1-32bit-0.168-lp151.4.3.1
          libasm1-32bit-debuginfo-0.168-lp151.4.3.1
          libdw1-32bit-0.168-lp151.4.3.1
          libdw1-32bit-debuginfo-0.168-lp151.4.3.1
          libebl-plugins-32bit-0.168-lp151.4.3.1
          libebl-plugins-32bit-debuginfo-0.168-lp151.4.3.1
          libelf-devel-32bit-0.168-lp151.4.3.1
          libelf1-32bit-0.168-lp151.4.3.1
          libelf1-32bit-debuginfo-0.168-lp151.4.3.1
    
       - openSUSE Leap 15.0 (i586 x86_64):
    
          elfutils-0.168-lp150.3.3.1
          elfutils-debuginfo-0.168-lp150.3.3.1
          elfutils-debugsource-0.168-lp150.3.3.1
          libasm-devel-0.168-lp150.3.3.1
          libasm1-0.168-lp150.3.3.1
          libasm1-debuginfo-0.168-lp150.3.3.1
          libdw-devel-0.168-lp150.3.3.1
          libdw1-0.168-lp150.3.3.1
          libdw1-debuginfo-0.168-lp150.3.3.1
          libebl-devel-0.168-lp150.3.3.1
          libebl-plugins-0.168-lp150.3.3.1
          libebl-plugins-debuginfo-0.168-lp150.3.3.1
          libelf-devel-0.168-lp150.3.3.1
          libelf1-0.168-lp150.3.3.1
          libelf1-debuginfo-0.168-lp150.3.3.1
    
       - openSUSE Leap 15.0 (noarch):
    
          elfutils-lang-0.168-lp150.3.3.1
    
       - openSUSE Leap 15.0 (x86_64):
    
          libasm1-32bit-0.168-lp150.3.3.1
          libasm1-32bit-debuginfo-0.168-lp150.3.3.1
          libdw1-32bit-0.168-lp150.3.3.1
          libdw1-32bit-debuginfo-0.168-lp150.3.3.1
          libebl-plugins-32bit-0.168-lp150.3.3.1
          libebl-plugins-32bit-debuginfo-0.168-lp150.3.3.1
          libelf-devel-32bit-0.168-lp150.3.3.1
          libelf1-32bit-0.168-lp150.3.3.1
          libelf1-32bit-debuginfo-0.168-lp150.3.3.1
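
To confirm the update is applied, the following check compares an RPM inventory against the fixed builds in the package list above. It is an added example, not part of the openSUSE advisory; the function names and the sample inventory are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed builds, copied from the advisory's package list.
FIXED_LEAP_151="0.168-lp151.4.3.1"
FIXED_LEAP_150="0.168-lp150.3.3.1"

# True for the binary packages this update ships (debuginfo/debugsource
# packages are left out; exact names avoid matching e.g. libdwarf).
is_elfutils_pkg() {
    case "$1" in
        elfutils|elfutils-lang|libebl-plugins|libebl-plugins-32bit) return 0 ;;
        libasm1|libdw1|libelf1|libasm1-32bit|libdw1-32bit|libelf1-32bit) return 0 ;;
        libasm-devel|libdw-devel|libebl-devel|libelf-devel|libelf-devel-32bit) return 0 ;;
    esac
    return 1
}

# version_lt A B: true when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's version comparison, which
# is sufficient for release strings that share the 0.168 upstream version.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages FIXED: reads "name version-release" lines on stdin and
# prints each elfutils package whose build is older than FIXED.
outdated_packages() {
    fixed="$1"
    while read -r name ver; do
        is_elfutils_pkg "$name" || continue
        if version_lt "$ver" "$fixed"; then
            printf '%s %s\n' "$name" "$ver"
        fi
    done
}

# Constructed sample inventory (not output from a real host); libdw1 is
# deliberately left at a made-up older release.
SAMPLE_INVENTORY='elfutils 0.168-lp151.4.3.1
libelf1 0.168-lp151.4.3.1
libdw1 0.168-lp151.3.1
bash 4.4-lp151.9.53'

# On a Leap 15.1 host, feed it the real inventory:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages "$FIXED_LEAP_151"
printf '%s\n' "$SAMPLE_INVENTORY" | outdated_packages "$FIXED_LEAP_151"
```

Empty output means every listed package is at or above the fixed build; on Leap 15.0 pass `$FIXED_LEAP_150` instead.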
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-7607.html
       https://www.suse.com/security/cve/CVE-2017-7608.html
       https://www.suse.com/security/cve/CVE-2017-7609.html
       https://www.suse.com/security/cve/CVE-2017-7610.html
       https://www.suse.com/security/cve/CVE-2017-7611.html
       https://www.suse.com/security/cve/CVE-2017-7612.html
       https://www.suse.com/security/cve/CVE-2017-7613.html
       https://www.suse.com/security/cve/CVE-2018-16062.html
       https://www.suse.com/security/cve/CVE-2018-16402.html
       https://www.suse.com/security/cve/CVE-2018-16403.html
       https://www.suse.com/security/cve/CVE-2018-18310.html
       https://www.suse.com/security/cve/CVE-2018-18520.html
       https://www.suse.com/security/cve/CVE-2018-18521.html
       https://www.suse.com/security/cve/CVE-2019-7150.html
       https://www.suse.com/security/cve/CVE-2019-7665.html
       https://bugzilla.suse.com/1033084
       https://bugzilla.suse.com/1033085
       https://bugzilla.suse.com/1033086
       https://bugzilla.suse.com/1033087
       https://bugzilla.suse.com/1033088
       https://bugzilla.suse.com/1033089
       https://bugzilla.suse.com/1033090
       https://bugzilla.suse.com/1106390
       https://bugzilla.suse.com/1107066
       https://bugzilla.suse.com/1107067
       https://bugzilla.suse.com/1111973
       https://bugzilla.suse.com/1112723
       https://bugzilla.suse.com/1112726
       https://bugzilla.suse.com/1123685
       https://bugzilla.suse.com/1125007
    