SUSE: 2019:1486-1 moderate: elfutils

    Date: 13 Jun 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 15 vulnerabilities is now available.
    
       SUSE Security Update: Security update for elfutils
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1486-1
    Rating:             moderate
    References:         #1033084 #1033085 #1033086 #1033087 #1033088 
                        #1033089 #1033090 #1106390 #1107066 #1107067 
                        #1111973 #1112723 #1112726 #1123685 #1125007 
                        
    Cross-References:   CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
                        CVE-2017-7613 CVE-2018-16062 CVE-2018-16402
                        CVE-2018-16403 CVE-2018-18310 CVE-2018-18520
                        CVE-2018-18521 CVE-2019-7150 CVE-2019-7665
                       
    Affected Products:
                        SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                        SUSE Linux Enterprise Module for Basesystem 15-SP1
                        SUSE Linux Enterprise Module for Basesystem 15
    ______________________________________________________________________________
    
    Description:
    
       This update for elfutils fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash
         (bsc#1033084)
       - CVE-2017-7608: Fixed a heap-based buffer overflow in
         ebl_object_note_type_name() (bsc#1033085)
       - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress
         (bsc#1033086)
       - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group
         (bsc#1033087)
       - CVE-2017-7611: Fixed a denial of service via a crafted ELF file
         (bsc#1033088)
       - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a
         crafted ELF file (bsc#1033089)
       - CVE-2017-7613: Fixed denial of service caused by the missing validation
         of the number of sections and the number of segments in a crafted ELF
         file (bsc#1033090)
       - CVE-2018-16062: Fixed a heap-buffer overflow in
         /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
       - CVE-2018-16402: Fixed a denial of service/double free on an attempt to
         decompress the same section twice (bsc#1107066)
       - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
       - CVE-2018-18310: Fixed an invalid address read problem in
         dwfl_segment_report_module.c (bsc#1111973)
       - CVE-2018-18520: Fixed bad handling of ar files inside ar files
         (bsc#1112726)
       - CVE-2018-18521: Fixed denial of service vulnerabilities in the
         function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
       - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn
         data read from core file is truncated (bsc#1123685)
       - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated
         string (bsc#1125007)
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1486=1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1486=1
    
       - SUSE Linux Enterprise Module for Basesystem 15:
    
          zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1486=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    
          elfutils-debugsource-0.168-4.5.3
          libasm1-32bit-0.168-4.5.3
          libasm1-32bit-debuginfo-0.168-4.5.3
          libelf-devel-32bit-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          elfutils-0.168-4.5.3
          elfutils-debuginfo-0.168-4.5.3
          elfutils-debugsource-0.168-4.5.3
          libasm-devel-0.168-4.5.3
          libasm1-0.168-4.5.3
          libasm1-debuginfo-0.168-4.5.3
          libdw-devel-0.168-4.5.3
          libdw1-0.168-4.5.3
          libdw1-debuginfo-0.168-4.5.3
          libebl-devel-0.168-4.5.3
          libebl-plugins-0.168-4.5.3
          libebl-plugins-debuginfo-0.168-4.5.3
          libelf-devel-0.168-4.5.3
          libelf1-0.168-4.5.3
          libelf1-debuginfo-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    
          elfutils-lang-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
    
          libdw1-32bit-0.168-4.5.3
          libdw1-32bit-debuginfo-0.168-4.5.3
          libebl-plugins-32bit-0.168-4.5.3
          libebl-plugins-32bit-debuginfo-0.168-4.5.3
          libelf1-32bit-0.168-4.5.3
          libelf1-32bit-debuginfo-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    
          elfutils-0.168-4.5.3
          elfutils-debuginfo-0.168-4.5.3
          elfutils-debugsource-0.168-4.5.3
          libasm-devel-0.168-4.5.3
          libasm1-0.168-4.5.3
          libasm1-debuginfo-0.168-4.5.3
          libdw-devel-0.168-4.5.3
          libdw1-0.168-4.5.3
          libdw1-debuginfo-0.168-4.5.3
          libebl-devel-0.168-4.5.3
          libebl-plugins-0.168-4.5.3
          libebl-plugins-debuginfo-0.168-4.5.3
          libelf-devel-0.168-4.5.3
          libelf1-0.168-4.5.3
          libelf1-debuginfo-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    
          libdw1-32bit-0.168-4.5.3
          libdw1-32bit-debuginfo-0.168-4.5.3
          libebl-plugins-32bit-0.168-4.5.3
          libebl-plugins-32bit-debuginfo-0.168-4.5.3
          libelf1-32bit-0.168-4.5.3
          libelf1-32bit-debuginfo-0.168-4.5.3
    
       - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    
          elfutils-lang-0.168-4.5.3
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-7607.html
       https://www.suse.com/security/cve/CVE-2017-7608.html
       https://www.suse.com/security/cve/CVE-2017-7609.html
       https://www.suse.com/security/cve/CVE-2017-7610.html
       https://www.suse.com/security/cve/CVE-2017-7611.html
       https://www.suse.com/security/cve/CVE-2017-7612.html
       https://www.suse.com/security/cve/CVE-2017-7613.html
       https://www.suse.com/security/cve/CVE-2018-16062.html
       https://www.suse.com/security/cve/CVE-2018-16402.html
       https://www.suse.com/security/cve/CVE-2018-16403.html
       https://www.suse.com/security/cve/CVE-2018-18310.html
       https://www.suse.com/security/cve/CVE-2018-18520.html
       https://www.suse.com/security/cve/CVE-2018-18521.html
       https://www.suse.com/security/cve/CVE-2019-7150.html
       https://www.suse.com/security/cve/CVE-2019-7665.html
       https://bugzilla.suse.com/1033084
       https://bugzilla.suse.com/1033085
       https://bugzilla.suse.com/1033086
       https://bugzilla.suse.com/1033087
       https://bugzilla.suse.com/1033088
       https://bugzilla.suse.com/1033089
       https://bugzilla.suse.com/1033090
       https://bugzilla.suse.com/1106390
       https://bugzilla.suse.com/1107066
       https://bugzilla.suse.com/1107067
       https://bugzilla.suse.com/1111973
       https://bugzilla.suse.com/1112723
       https://bugzilla.suse.com/1112726
       https://bugzilla.suse.com/1123685
       https://bugzilla.suse.com/1125007
    