Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 28 articles for you...
202

openSUSE: elfutils Moderate Denial of Service Fix 2025:4092-1

An update that solves four vulnerabilities can now be installed.. # Security update for elfutils Announcement ID: SUSE-SU-2025:4092-1 Release Date: 2025-11-24T09:09:10Z Rating: moderate References: * bsc#1237236 * bsc#1237240 * bsc#1237241 * bsc#1237242 Cross-References: * CVE-2025-1352 * CVE-2025-1372 * CVE-2025-1376 * CVE-2025-1377 CVSS scores: * CVE-2025-1352 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1352 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1352 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1352 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-1352 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1372 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1372 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1372 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1372 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-1372 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-1376 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1376 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1376 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1376 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-1376 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-1377 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-1377 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2025-1377 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1377 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-1377 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSEManager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves four vulnerabilities can now be installed. ## Description: This update for elfutils fixes the following issues: * Fixing build/testsuite for more recent glibc and kernels. * Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): * CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip * CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip * CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf * CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf * Fixing testsuite race conditions in run-debuginfod-find.sh. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4092=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4092=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-4092=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4092=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-4092=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4092=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-4092=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patchSUSE-SLE-Micro-5.3-2025-4092=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-4092=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-4092=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-4092=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4092=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4092=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4092=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4092=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4092=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4092=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 *elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Manager Proxy 4.3 LTS (x86_64) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * SUSE Manager Proxy 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 *libelf1-debuginfo-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 *libelf1-32bit-debuginfo-0.185-150400.5.8.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod-dummy-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * debuginfod-dummy-client-debuginfo-0.185-150400.5.8.3 * debuginfod-dummy-client-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-dummy-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdebuginfod1-dummy-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * openSUSE Leap 15.4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * openSUSE Leap 15.4 (x86_64) * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * libasm1-32bit-0.185-150400.5.8.3 * libelf-devel-32bit-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * libasm1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * openSUSE Leap 15.4 (aarch64_ilp32) * libasm1-64bit-debuginfo-0.185-150400.5.8.3 * libdw1-64bit-debuginfo-0.185-150400.5.8.3 * libasm1-64bit-0.185-150400.5.8.3 * libelf1-64bit-debuginfo-0.185-150400.5.8.3 * libelf-devel-64bit-0.185-150400.5.8.3 * libdw1-64bit-0.185-150400.5.8.3 * libelf1-64bit-0.185-150400.5.8.3 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) *libdw-devel-0.185-150400.5.8.3 * libdebuginfod-dummy-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * debuginfod-dummy-client-debuginfo-0.185-150400.5.8.3 * debuginfod-dummy-client-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-dummy-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdebuginfod1-dummy-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * openSUSE Leap 15.6 (noarch) * elfutils-lang-0.185-150400.5.8.3 * openSUSE Leap 15.6 (x86_64) * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * libasm1-32bit-0.185-150400.5.8.3 * libelf-devel-32bit-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * libasm1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 *elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 *libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (noarch) * elfutils-lang-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (noarch) * elfutils-lang-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) *libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 *elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 *libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 ## References: * https://www.suse.com/security/cve/CVE-2025-1352.html * https://www.suse.com/security/cve/CVE-2025-1372.html * https://www.suse.com/security/cve/CVE-2025-1376.html * https://www.suse.com/security/cve/CVE-2025-1377.html * https://bugzilla.suse.com/show_bug.cgi?id=1237236 * https://bugzilla.suse.com/show_bug.cgi?id=1237240 * https://bugzilla.suse.com/show_bug.cgi?id=1237241 * https://bugzilla.suse.com/show_bug.cgi?id=1237242 . An openSUSE advisory addressing moderate vulnerabilities in elfutils involves updates fixing buffer overflows and DoS.. openSUSE elfutils security update, SUSE vulnerability fix, openSUSE advisory. . LinuxSecurity.com Team

Calendar%202 Nov 24, 2025 OpenSUSE
100

SUSE: elfutils Moderate DoS & Buffer Overflow Issues 2025:4092-1

* bsc#1237236 * bsc#1237240 * bsc#1237241 * bsc#1237242 . # Security update for elfutils Announcement ID: SUSE-SU-2025:4092-1 Release Date: 2025-11-24T09:09:10Z Rating: moderate References: * bsc#1237236 * bsc#1237240 * bsc#1237241 * bsc#1237242 Cross-References: * CVE-2025-1352 * CVE-2025-1372 * CVE-2025-1376 * CVE-2025-1377 CVSS scores: * CVE-2025-1352 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1352 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1352 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1352 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-1352 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1372 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1372 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1372 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1372 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-1372 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-1376 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-1376 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-1376 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1376 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-1376 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-1377 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-1377 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2025-1377 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-1377 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-1377 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE ManagerServer 4.3 * SUSE Manager Server 4.3 LTS An update that solves four vulnerabilities can now be installed. ## Description: This update for elfutils fixes the following issues: * Fixing build/testsuite for more recent glibc and kernels. * Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): * CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip * CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip * CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf * CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf * Fixing testsuite race conditions in run-debuginfod-find.sh. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4092=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4092=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-4092=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4092=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-4092=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4092=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-4092=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-4092=1 *SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-4092=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-4092=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-4092=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4092=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4092=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4092=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4092=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4092=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4092=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4092=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Manager Proxy 4.3 LTS (x86_64) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * SUSE Manager Proxy 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 *libelf1-32bit-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Manager Server 4.3 LTS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * openSUSE Leap 15.4(aarch64 ppc64le s390x x86_64 i586) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod-dummy-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * debuginfod-dummy-client-debuginfo-0.185-150400.5.8.3 * debuginfod-dummy-client-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-dummy-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdebuginfod1-dummy-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * openSUSE Leap 15.4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * openSUSE Leap 15.4 (x86_64) * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * libasm1-32bit-0.185-150400.5.8.3 * libelf-devel-32bit-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * libasm1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * openSUSE Leap 15.4 (aarch64_ilp32) * libasm1-64bit-debuginfo-0.185-150400.5.8.3 * libdw1-64bit-debuginfo-0.185-150400.5.8.3 * libasm1-64bit-0.185-150400.5.8.3 * libelf1-64bit-debuginfo-0.185-150400.5.8.3 * libelf-devel-64bit-0.185-150400.5.8.3 * libdw1-64bit-0.185-150400.5.8.3 * libelf1-64bit-0.185-150400.5.8.3 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libdw-devel-0.185-150400.5.8.3 * libdebuginfod-dummy-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * debuginfod-dummy-client-debuginfo-0.185-150400.5.8.3 * debuginfod-dummy-client-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * libelf1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-dummy-debuginfo-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libdebuginfod1-dummy-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * openSUSE Leap 15.6 (noarch) * elfutils-lang-0.185-150400.5.8.3 * openSUSE Leap 15.6 (x86_64) * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * libasm1-32bit-0.185-150400.5.8.3 * libelf-devel-32bit-0.185-150400.5.8.3 * libelf1-32bit-0.185-150400.5.8.3 * libasm1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 *libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * libasm1-debuginfo-0.185-150400.5.8.3 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 *elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (noarch) * elfutils-lang-0.185-150400.5.8.3 * Basesystem Module 15-SP6 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (noarch) * elfutils-lang-0.185-150400.5.8.3 * Basesystem Module 15-SP7 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) *elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 *libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 *SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 * libdw1-debuginfo-0.185-150400.5.8.3 * libdebuginfod-devel-0.185-150400.5.8.2 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libelf1-0.185-150400.5.8.3 * libasm-devel-0.185-150400.5.8.3 * elfutils-debuginfod-0.185-150400.5.8.2 * elfutils-debuginfod-debugsource-0.185-150400.5.8.2 * libdw-devel-0.185-150400.5.8.3 * libdebuginfod1-debuginfo-0.185-150400.5.8.2 * elfutils-0.185-150400.5.8.3 * libasm1-0.185-150400.5.8.3 * libdebuginfod1-0.185-150400.5.8.2 * libelf-devel-0.185-150400.5.8.3 * libelf1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-0.185-150400.5.8.2 * elfutils-debuginfod-debuginfo-0.185-150400.5.8.2 * libasm1-debuginfo-0.185-150400.5.8.3 * debuginfod-client-debuginfo-0.185-150400.5.8.2 * elfutils-debugsource-0.185-150400.5.8.3 * libdw1-0.185-150400.5.8.3 *libdw1-debuginfo-0.185-150400.5.8.3 * elfutils-debuginfo-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * elfutils-lang-0.185-150400.5.8.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libelf1-32bit-0.185-150400.5.8.3 * libdw1-32bit-debuginfo-0.185-150400.5.8.3 * libdw1-32bit-0.185-150400.5.8.3 * libelf1-32bit-debuginfo-0.185-150400.5.8.3 ## References: * https://www.suse.com/security/cve/CVE-2025-1352.html * https://www.suse.com/security/cve/CVE-2025-1372.html * https://www.suse.com/security/cve/CVE-2025-1376.html * https://www.suse.com/security/cve/CVE-2025-1377.html * https://bugzilla.suse.com/show_bug.cgi?id=1237236 * https://bugzilla.suse.com/show_bug.cgi?id=1237240 * https://bugzilla.suse.com/show_bug.cgi?id=1237241 * https://bugzilla.suse.com/show_bug.cgi?id=1237242 . This update addresses moderate security issues in elfutils, including denial of service and buffer overflow vulnerabilities.. elfutils security patch, SUSE elfutils update, Linux security advisory. . LinuxSecurity.com Team

Calendar%202 Nov 24, 2025 SuSE
203

Mageia 2025-0119: elfutils Security Advisory Updates

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260) GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372) GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. . MGASA-2025-0119 - Updated elfutils packages fix security vulnerabilities Publication date: 31 Mar 2025 URL: https://advisories.mageia.org/MGASA-2025-0119.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-25260, CVE-2025-1372, CVE-2025-1377 elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260) GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372) GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. (CVE-2025-1377) References: - https://bugs.mageia.org/show_bug.cgi?id=34134 - https://ubuntu.com/security/notices/USN-7369-1 - https://www.cve.org/CVERecord?id=CVE-2024-25260 - https://www.cve.org/CVERecord?id=CVE-2025-1372 - https://www.cve.org/CVERecord?id=CVE-2025-1377 SRPMS: - 9/core/elfutils-0.189-1.1.mga9 . elfutils updates for Mageia address critical NULL pointer dereference and DoS issues. Stay secure with timely patches.. elfutils, contain, pointer, dereference, handle_verdef(), functio. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 31, 2025 Critical Mageia
172

Ubuntu 7369-1: elfutils Security Advisory Updates

Several security issues were fixed in elfutils.. ========================================================================== Ubuntu Security Notice USN-7369-1 March 24, 2025 elfutils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in elfutils. Software Description: - elfutils: collection of utilities to handle ELF objects Details: It was discovered that readelf from elfutils could be made to read out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-25260) It was discovered that readelf from elfutils could be made to write out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1371) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. (CVE-2025-1372) It was discovered that strip from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running strip on aspecially crafted file, an attacker could cause strip to crash, resulting in a denial of service. (CVE-2025-1377) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 elfutils 0.191-2ubuntu0.1 Ubuntu 24.04 LTS elfutils 0.190-1.1ubuntu0.1 Ubuntu 22.04 LTS elfutils 0.186-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7369-1 CVE-2024-25260, CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, CVE-2025-1377 Package Information: https://launchpad.net/ubuntu/+source/elfutils/0.191-2ubuntu0.1 https://launchpad.net/ubuntu/+source/elfutils/0.190-1.1ubuntu0.1 https://launchpad.net/ubuntu/+source/elfutils/0.186-1ubuntu0.1 . Security updates for elfutils fixed critical issues affecting Ubuntu 22.04 LTS and later versions, including a DoS risk.. security, elfutils, ====================================================. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 24, 2025 Critical Ubuntu
197

Debian 10: DLA-3579-1 Critical: Elfutils Denial of Service

An issue has been found in elfutils, a collection of utilities to handle ELF objects. Due to missing bound checks and reachable asserts, an attacker can . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3579-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz September 23, 2023 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : elfutils Version : 0.176-1.1+deb10u1 CVE ID : CVE-2020-21047 An issue has been found in elfutils, a collection of utilities to handle ELF objects. Due to missing bound checks and reachable asserts, an attacker can use crafted elf files to trigger application crashes that result in denial-of-services. For Debian 10 buster, this problem has been fixed in version 0.176-1.1+deb10u1. We recommend that you upgrade your elfutils packages. For the detailed security status of elfutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/elfutils Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-4701-1 concerns a vulnerability in libcurl, urging users to apply the latest patches promptly.. Debian LTS, Elfutils, Denial Of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 23, 2023 Critical Debian LTS
172

Ubuntu 20.04 LTS USN-6322-1 Critical: Elfutils Denial of Service

Several security issues were fixed in elfutils.. ========================================================================== Ubuntu Security Notice USN-6322-1 August 30, 2023 elfutils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in elfutils. Software Description: - elfutils: collection of utilities to handle ELF objects Details: It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665) It was discovered that elfutils incorrectly handled bounds checks in certain functions when processing malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. (CVE-2020-21047, CVE-2021-33294) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: elfutils 0.176-1.1ubuntu0.1 libasm1 0.176-1.1ubuntu0.1 libdw1 0.176-1.1ubuntu0.1 libelf1 0.176-1.1ubuntu0.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): elfutils 0.170-0.4ubuntu0.1+esm1 libasm1 0.170-0.4ubuntu0.1+esm1 libdw1 0.170-0.4ubuntu0.1+esm1 libelf1 0.170-0.4ubuntu0.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): elfutils 0.165-3ubuntu1.2+esm1 libasm1 0.165-3ubuntu1.2+esm1 libdw1 0.165-3ubuntu1.2+esm1 libelf10.165-3ubuntu1.2+esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro): elfutils 0.158-0ubuntu5.3+esm1 libasm1 0.158-0ubuntu5.3+esm1 libdw1 0.158-0ubuntu5.3+esm1 libelf1 0.158-0ubuntu5.3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6322-1 CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665, CVE-2020-21047, CVE-2021-33294 Package Information: https://launchpad.net/ubuntu/+source/elfutils/0.176-1.1ubuntu0.1 . Recent vulnerabilities in Ubuntu's LTS elfutils could lead to unauthorized resource access; users should promptly update their systems for enhanced security. Ubuntu Security Notice, elfutils, denial of service, LTS updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 30, 2023 Critical Ubuntu
100

openSUSE Leap Micro 5.2: 2022:2614-2 Moderate Security Fix for Dwarves

An update that fixes 19 vulnerabilities, contains one feature is now available. . SUSE Security Update: Security update for dwarves and elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2614-2 Rating: moderate References: #1033084 #1033085 #1033086 #1033087 #1033088 #1033089 #1033090 #1082318 #1104264 #1106390 #1107066 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 SLE-24501 Cross-References: CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVSS scores: CVE-2017-7607 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7607 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7608 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7609 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7609 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7610 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7610 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7611 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7611 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7612 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7612 (SUSE): 3.3CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7613 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7613 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16062 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16062 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-16402 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-16402 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16403 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16403 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18310 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18310 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18520 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18520 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18521 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18521 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7146 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7148 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7149 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7664 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7664 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7665 (NVD) : 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7665 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes 19 vulnerabilities, contains one feature is now available. Description: This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variantsBPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installationmethods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2614=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 References: https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7609.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16402.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7146.html https://www.suse.com/security/cve/CVE-2019-7148.html https://www.suse.com/security/cve/CVE-2019-7149.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7664.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033086 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1104264 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107066 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 . The latest patch for dwarf utilities and elfutils addresses 19 moderate-severity vulnerabilities, enhancing the overall security posture of openSUSE.. openSUSE Update, moderate Security Advisory, elfutils issues, dwarves support. . LinuxSecurity.com Team

Calendar%202 Sep 01, 2022 SuSE
100

SUSE: 2022:2614-1 Moderate: Dwarves And Elfutils Security Advisory

An update that fixes 19 vulnerabilities, contains one feature is now available. . SUSE Security Update: Security update for dwarves and elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2614-1 Rating: moderate References: #1033084 #1033085 #1033086 #1033087 #1033088 #1033089 #1033090 #1082318 #1104264 #1106390 #1107066 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 SLE-24501 Cross-References: CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVSS scores: CVE-2017-7607 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7607 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7608 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7609 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7609 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7610 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7610 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7611 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7611 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7612 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7612 (SUSE): 3.3CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7613 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7613 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16062 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16062 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-16402 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-16402 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16403 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16403 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18310 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18310 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18520 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18520 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18521 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18521 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7146 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7148 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7149 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7664 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7664 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7665 (NVD) : 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7665 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities, contains one feature is now available. Description: This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn dataread from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular variousfunctions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section arecurrently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow inebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2614=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2614=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2614=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm-devel-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw-devel-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-devel-0.177-150300.11.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf-devel-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - openSUSE Leap 15.3 (x86_64): libasm1-32bit-0.177-150300.11.3.1 libasm1-32bit-debuginfo-0.177-150300.11.3.1 libdw1-32bit-0.177-150300.11.3.1 libdw1-32bit-debuginfo-0.177-150300.11.3.1 libdwarves-devel-32bit-1.22-150300.7.3.1 libdwarves1-32bit-1.22-150300.7.3.1 libdwarves1-32bit-debuginfo-1.22-150300.7.3.1 libebl-plugins-32bit-0.177-150300.11.3.1 libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1 libelf-devel-32bit-0.177-150300.11.3.1 libelf1-32bit-0.177-150300.11.3.1 libelf1-32bit-debuginfo-0.177-150300.11.3.1 - openSUSE Leap 15.3 (noarch): elfutils-lang-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm-devel-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw-devel-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-devel-0.177-150300.11.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf-devel-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): elfutils-lang-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdw1-32bit-0.177-150300.11.3.1 libdw1-32bit-debuginfo-0.177-150300.11.3.1 libdwarves-devel-32bit-1.22-150300.7.3.1 libdwarves1-32bit-1.22-150300.7.3.1 libdwarves1-32bit-debuginfo-1.22-150300.7.3.1 libebl-plugins-32bit-0.177-150300.11.3.1 libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1 libelf1-32bit-0.177-150300.11.3.1 libelf1-32bit-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 References: https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7609.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16402.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7146.html https://www.suse.com/security/cve/CVE-2019-7148.html https://www.suse.com/security/cve/CVE-2019-7149.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7664.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033086 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1104264 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107066 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 . Oracle releases a patch to address various security flaws in Liberty and JBoss, improving infrastructure reliability.. SUSE Security Update,dwarves patch,elfutils vulnerabilities,security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 01, 2022 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200