SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1737-1
Container Tags        : bci/bci-init:15.3 , bci/bci-init:15.3.17.33
Container Release     : 17.33
Severity              : moderate
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318
                        1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685
                        1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610
                        CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402
                        CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146
                        CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released:    Mon Aug  1 10:41:04 2022
Summary:     Security update for dwarves and elfutils
Type:        security
Severity:    moderate
References:  1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665

This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):
  
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
             Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
            dwelf_elf_begin now only returns NULL when there is an error
            reading or decompressing a file. If the file is not an ELF file
            an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
  
Update to version 0.176:

- build: Add new --enable-install-elfh option.
         Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
  - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
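
The CVE-2019-7665 item above comes down to one check: a consumer must confirm that the NT_PLATFORM note descriptor contains a terminating NUL inside its declared size before treating it as a string. The following C sketch is an added example, not elfutils code; platform_from_note and make_note are hypothetical names, the sample notes are constructed, and note fields are assumed to be in host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOTE_HDR 12u      /* namesz, descsz, type: three 32-bit words */
#define NT_PLATFORM_ID 5u /* numeric value of NT_PLATFORM in <elf.h> */

/* Note name and descriptor fields are padded to 4-byte boundaries. */
static size_t align4(size_t n) { return (n + 3u) & ~(size_t)3u; }

/* Return the platform string of the note at buf, or NULL when the note is
 * truncated, is not NT_PLATFORM, or its descriptor has no terminating NUL.
 * Assumes host byte order; the owner name ("CORE") is not checked. */
const char *platform_from_note(const uint8_t *buf, size_t len)
{
    uint32_t namesz, descsz, type;
    if (len < NOTE_HDR)
        return NULL;
    memcpy(&namesz, buf, 4);
    memcpy(&descsz, buf + 4, 4);
    memcpy(&type, buf + 8, 4);
    size_t off = NOTE_HDR;
    if (namesz > len - off || align4(namesz) > len - off)
        return NULL;                      /* name runs past the buffer */
    off += align4(namesz);
    if (type != NT_PLATFORM_ID || descsz == 0 || descsz > len - off)
        return NULL;      /* wrong type, or descriptor empty or truncated */
    if (memchr(buf + off, '\0', descsz) == NULL)
        return NULL;                      /* not a C string: refuse to use it */
    return (const char *)(buf + off);
}

/* Build a constructed sample note in out; returns its total length. */
size_t make_note(uint8_t *out, uint32_t type, const void *desc, uint32_t descsz)
{
    const uint32_t namesz = 5;            /* "CORE" plus NUL */
    memset(out, 0, NOTE_HDR + 8 + align4(descsz));
    memcpy(out, &namesz, 4);
    memcpy(out + 4, &descsz, 4);
    memcpy(out + 8, &type, 4);
    memcpy(out + NOTE_HDR, "CORE", 5);
    memcpy(out + NOTE_HDR + 8, desc, descsz);
    return NOTE_HDR + 8 + align4(descsz);
}

int main(void)
{
    uint8_t note[64];
    size_t n = make_note(note, NT_PLATFORM_ID, "x86_64", 7);
    printf("terminated:   %s\n", platform_from_note(note, n) ? "accepted" : "rejected");
    n = make_note(note, NT_PLATFORM_ID, "x86_64", 6);   /* NUL left out */
    printf("unterminated: %s\n", platform_from_note(note, n) ? "accepted" : "rejected");
    return 0;
}
```

The alignment padding after the six-byte descriptor is zero, yet the note is still rejected because the search stops at descsz and never reads the padding.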
  
Update to version 0.175:
  
- readelf: Handle multiple .debug_macro sections.
           Recognize and parse GNU Property, NT_VERSION and
           GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
         Add strip --reloc-debug-sections-only option.
         Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
            and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
            Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
  
Update to version 0.174:
  
- libelf, libdw and all tools now handle extended shnum and
  shstrndx correctly.
  
- elfcompress: Don't rewrite input file if no section data needs
               updating. Try harder to keep same file mode bits
               (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
            generate CFI based backtraces.
- Fixes:
  - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
    
Update to version 0.173:
  
- More fixes for crashes and hangs found by afl-fuzz. In particular various
  functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now look up the size and signedness of constant value types
           to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
         dwarf_begin_elf now accepts ELF files containing just .debug_line
         or .debug_frame sections (which can be read without needing a DIE
         tree from the .debug_info section).
         Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
            The RISCV backend now handles ABI specific CFI and knows about
            RISCV register types and names.
  
Update to version 0.172:
  
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
  Thanks to running the afl fuzzer on eu-readelf and various testcases.
  
Update to version 0.171:
  
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
  Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
  .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
  DWARF5 and GNU DebugFission encodings of the existing .debug sections.
  Also in split DWARF .dwo (DWARF object) files.  This support is mostly
  handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
  dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
  sections and data formats.  But some new functions have been added
  to more easily get information about skeleton and split compile units
  (dwarf_get_units and dwarf_cu_info), handle new attribute data
  (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
  that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
  files, the .debug_names index, the .debug_cu_index and .debug_tu_index
  sections. Only a single .debug_info (and .debug_types) section is
  currently handled.
- readelf: Handle all new DWARF5 sections.
           --debug-dump=info+ will show split unit DIEs when found.
           --dwarf-skeleton can be used when inspecting a .dwo file.
           Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
         dwarf_getabbrevattr_data and dwarf_cu_info.
         libdw will now try to resolve the alt file on first use of
         an alt attribute FORM when not set yet with dwarf_set_alt.
         dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
  
  There were various improvements to build on Windows.
  The sha1 and md5 implementations have been removed; they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
         calling convention, defaulted member function and macro constants
         to dwarf.h.
         New functions dwarf_default_lower_bound and dwarf_line_file.
         dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
         dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
            Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash (readelf.c) (bsc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
  already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.


The following package changes have been done:

- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- container:sles15-image-15.0.0-17.20.8 updated

SUSE: 2022:1737-1 bci/bci-init Security Update

August 3, 2022