SUSE: 2019:1733-1 elfutils

    Date: 03 Jul 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 15 vulnerabilities is now available.
    
       SUSE Security Update: Security update for elfutils
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1733-1
    Rating:             low
    References:         #1030472 #1030476 #1033084 #1033085 #1033087 
                        #1033088 #1033089 #1033090 #1106390 #1107067 
                        #1111973 #1112723 #1112726 #1123685 #1125007 
                        
    Cross-References:   CVE-2016-10254 CVE-2016-10255 CVE-2017-7607
                        CVE-2017-7608 CVE-2017-7610 CVE-2017-7611
                        CVE-2017-7612 CVE-2017-7613 CVE-2018-16062
                        CVE-2018-16403 CVE-2018-18310 CVE-2018-18520
                        CVE-2018-18521 CVE-2019-7150 CVE-2019-7665
                       
    Affected Products:
                        SUSE Linux Enterprise Software Development Kit 12-SP4
                        SUSE Linux Enterprise Software Development Kit 12-SP3
                        SUSE Linux Enterprise Server 12-SP4
                        SUSE Linux Enterprise Server 12-SP3
                        SUSE Linux Enterprise Desktop 12-SP4
                        SUSE Linux Enterprise Desktop 12-SP3
                        SUSE CaaS Platform 3.0
                        OpenStack Cloud Magnum Orchestration 7
    ______________________________________________________________________________
    
    Description:
    
       This update for elfutils fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led
         to Denial of Service (bsc#1107067).
       - CVE-2016-10254: Fixed a memory allocation failure in allocate_elf
         (bsc#1030472).
       - CVE-2019-7665: NT_PLATFORM core file note should be a zero-terminated
         string (bsc#1125007).
       - CVE-2016-10255: Fixed a memory allocation failure in
         libelf_set_rawdata_wrlock (bsc#1030476).
       - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which
         could have allowed truncated files to be read (bsc#1123685).
       - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
       - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led
         to Denial of Service (bsc#1033088).
       - CVE-2017-7613: Fixed denial of service caused by the missing validation
         of the number of sections and the number of segments in a crafted ELF
         file (bsc#1033090).
       - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash
         (bsc#1033084).
       - CVE-2017-7608: Fixed a heap-based buffer overflow in
         ebl_object_note_type_name() (bsc#1033085).
       - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group
         (bsc#1033087).
       - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in
         function arlib_add_symbols() (bsc#1112723).
       - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a
         crafted ELF file (bsc#1033089).
       - CVE-2018-18310: Fixed an invalid address read in
         dwfl_segment_report_module.c (bsc#1111973).
       - CVE-2018-18520: Fixed bad handling of ar files inside ar files
         (bsc#1112726).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1733=1
    
       - SUSE Linux Enterprise Software Development Kit 12-SP3:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1733=1
    
       - SUSE Linux Enterprise Server 12-SP4:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1733=1
    
       - SUSE Linux Enterprise Server 12-SP3:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1733=1
    
       - SUSE Linux Enterprise Desktop 12-SP4:
    
          zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1733=1
    
       - SUSE Linux Enterprise Desktop 12-SP3:
    
          zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1733=1
    
       - SUSE CaaS Platform 3.0:
    
          To install this update, use the SUSE CaaS Platform Velum dashboard.
          It will inform you if it detects new updates and let you then trigger
          updating of the complete cluster in a controlled way.
    
       - OpenStack Cloud Magnum Orchestration 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1733=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
    
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm-devel-0.158-7.7.2
          libdw-devel-0.158-7.7.2
          libebl-devel-0.158-7.7.2
    
       - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
    
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm-devel-0.158-7.7.2
          libdw-devel-0.158-7.7.2
          libebl-devel-0.158-7.7.2
          libelf-devel-0.158-7.7.2
    
       - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libebl1-0.158-7.7.2
          libebl1-debuginfo-0.158-7.7.2
          libelf-devel-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
    
       - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
    
          libasm1-32bit-0.158-7.7.2
          libasm1-debuginfo-32bit-0.158-7.7.2
          libdw1-32bit-0.158-7.7.2
          libdw1-debuginfo-32bit-0.158-7.7.2
          libebl1-32bit-0.158-7.7.2
          libebl1-debuginfo-32bit-0.158-7.7.2
          libelf1-32bit-0.158-7.7.2
          libelf1-debuginfo-32bit-0.158-7.7.2
    
       - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libebl1-0.158-7.7.2
          libebl1-debuginfo-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
    
       - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
    
          libasm1-32bit-0.158-7.7.2
          libasm1-debuginfo-32bit-0.158-7.7.2
          libdw1-32bit-0.158-7.7.2
          libdw1-debuginfo-32bit-0.158-7.7.2
          libebl1-32bit-0.158-7.7.2
          libebl1-debuginfo-32bit-0.158-7.7.2
          libelf1-32bit-0.158-7.7.2
          libelf1-debuginfo-32bit-0.158-7.7.2
    
       - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-32bit-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libdw1-debuginfo-32bit-0.158-7.7.2
          libebl1-0.158-7.7.2
          libebl1-32bit-0.158-7.7.2
          libebl1-debuginfo-0.158-7.7.2
          libebl1-debuginfo-32bit-0.158-7.7.2
          libelf-devel-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-32bit-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
          libelf1-debuginfo-32bit-0.158-7.7.2
    
       - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-32bit-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libdw1-debuginfo-32bit-0.158-7.7.2
          libebl1-0.158-7.7.2
          libebl1-32bit-0.158-7.7.2
          libebl1-debuginfo-0.158-7.7.2
          libebl1-debuginfo-32bit-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-32bit-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
          libelf1-debuginfo-32bit-0.158-7.7.2
    
       - SUSE CaaS Platform 3.0 (x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
    
       - OpenStack Cloud Magnum Orchestration 7 (x86_64):
    
          elfutils-0.158-7.7.2
          elfutils-debuginfo-0.158-7.7.2
          elfutils-debugsource-0.158-7.7.2
          libasm1-0.158-7.7.2
          libasm1-debuginfo-0.158-7.7.2
          libdw1-0.158-7.7.2
          libdw1-debuginfo-0.158-7.7.2
          libelf1-0.158-7.7.2
          libelf1-debuginfo-0.158-7.7.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2016-10254.html
       https://www.suse.com/security/cve/CVE-2016-10255.html
       https://www.suse.com/security/cve/CVE-2017-7607.html
       https://www.suse.com/security/cve/CVE-2017-7608.html
       https://www.suse.com/security/cve/CVE-2017-7610.html
       https://www.suse.com/security/cve/CVE-2017-7611.html
       https://www.suse.com/security/cve/CVE-2017-7612.html
       https://www.suse.com/security/cve/CVE-2017-7613.html
       https://www.suse.com/security/cve/CVE-2018-16062.html
       https://www.suse.com/security/cve/CVE-2018-16403.html
       https://www.suse.com/security/cve/CVE-2018-18310.html
       https://www.suse.com/security/cve/CVE-2018-18520.html
       https://www.suse.com/security/cve/CVE-2018-18521.html
       https://www.suse.com/security/cve/CVE-2019-7150.html
       https://www.suse.com/security/cve/CVE-2019-7665.html
       https://bugzilla.suse.com/1030472
       https://bugzilla.suse.com/1030476
       https://bugzilla.suse.com/1033084
       https://bugzilla.suse.com/1033085
       https://bugzilla.suse.com/1033087
       https://bugzilla.suse.com/1033088
       https://bugzilla.suse.com/1033089
       https://bugzilla.suse.com/1033090
       https://bugzilla.suse.com/1106390
       https://bugzilla.suse.com/1107067
       https://bugzilla.suse.com/1111973
       https://bugzilla.suse.com/1112723
       https://bugzilla.suse.com/1112726
       https://bugzilla.suse.com/1123685
       https://bugzilla.suse.com/1125007
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    