Oval Definition:oval:org.opensuse.security:def:124865
Revision Date:2019-07-03Version:1
Title:Security update for elfutils (Low)
Description:

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726).
Family:unixClass:patch
Status:Reference(s):1030472
1030476
1033084
1033085
1033087
1033088
1033089
1033090
1106390
1107067
1111973
1112723
1112726
1123685
1125007
CVE-2016-10254
CVE-2016-10255
CVE-2017-7607
CVE-2017-7608
CVE-2017-7610
CVE-2017-7611
CVE-2017-7612
CVE-2017-7613
CVE-2018-16062
CVE-2018-16403
CVE-2018-18310
CVE-2018-18520
CVE-2018-18521
CVE-2019-7150
CVE-2019-7665
SUSE-SU-2019:1733-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • elfutils-0.158-7.7.2 is installed
  • OR libasm1-0.158-7.7.2 is installed
  • OR libdw1-0.158-7.7.2 is installed
  • OR libdw1-32bit-0.158-7.7.2 is installed
  • OR libebl1-0.158-7.7.2 is installed
  • OR libebl1-32bit-0.158-7.7.2 is installed
  • OR libelf-devel-0.158-7.7.2 is installed
  • OR libelf1-0.158-7.7.2 is installed
  • OR libelf1-32bit-0.158-7.7.2 is installed
  • BACK