OVAL Reference oval:org.opensuse.security:def:50611

Oval Definition:

oval:org.opensuse.security:def:50611

Revision Date:	2020-12-01	Version:	1
Title:	Security update for elfutils (Moderate)
Description:	This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
Family:	unix	Class:	patch
Status:		Reference(s):	1033084 1033085 1033086 1033087 1033088 1033089 1033090 1101644 1101645 1101651 1101656 1104841 1106390 1106812 1107066 1107067 1111973 1112723 1112726 1121567 1123360 1123685 1124957 1125007 1125080 1125899 1127838 1129528 1131984 1132396 1132501 1133139 1133461 1134208 1135030 1135219 1135221 1135388 1136110 1137990 1138529 1140290 1143436 1144903 1145095 1146360 1148931 1149429 1149841 1151021 1151186 1151793 1152856 1153108 1153158 1153161 1153423 1153869 1154212 1154738 1154999 1171863 1171864 1171866 1172348 1175193 1175194 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-16889 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2019-0804 CVE-2019-10220 CVE-2019-10691 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13173 CVE-2019-14835 CVE-2019-15903 CVE-2019-17133 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-3821 CVE-2019-3881 CVE-2019-7150 CVE-2019-7665 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-14349 CVE-2020-14350 SUSE-SU-2018:3045-1 SUSE-SU-2019:0997-1 SUSE-SU-2019:1486-1 SUSE-SU-2019:2049-1 SUSE-SU-2019:2081-1 SUSE-SU-2019:2428-1 SUSE-SU-2019:2503-1 SUSE-SU-2019:2819-1 SUSE-SU-2019:2871-1 SUSE-SU-2019:3238-1 SUSE-SU-2020:0440-1 SUSE-SU-2020:1682-2
Platform(s):	SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND python-lxml-2.3.6-0.13 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information krb5-1.6.3-133.49.68 is installed OR krb5-32bit-1.6.3-133.49.68 is installed OR krb5-client-1.6.3-133.49.68 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information bind-libs-9.9.5P1-1 is installed OR bind-libs-32bit-9.9.5P1-1 is installed OR bind-utils-9.9.5P1-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information cups-pk-helper-0.2.5-3 is installed OR cups-pk-helper-lang-0.2.5-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information ecryptfs-utils-103-7 is installed OR ecryptfs-utils-32bit-103-7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information dhcp-4.3.3-9 is installed OR dhcp-client-4.3.3-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cracklib-2.9.0-7 is installed OR libcrack2-2.9.0-7 is installed OR libcrack2-32bit-2.9.0-7 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed AND Package Information perl-5.26.1-7.12 is installed OR perl-32bit-5.26.1-7.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information elfutils-0.168-4.5 is installed OR elfutils-lang-0.168-4.5 is installed OR libasm-devel-0.168-4.5 is installed OR libasm1-0.168-4.5 is installed OR libdw-devel-0.168-4.5 is installed OR libdw1-0.168-4.5 is installed OR libdw1-32bit-0.168-4.5 is installed OR libebl-devel-0.168-4.5 is installed OR libebl-plugins-0.168-4.5 is installed OR libebl-plugins-32bit-0.168-4.5 is installed OR libelf-devel-0.168-4.5 is installed OR libelf1-0.168-4.5 is installed OR libelf1-32bit-0.168-4.5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.181-3.10 is installed OR java-1_8_0-openjdk-demo-1.8.0.181-3.10 is installed OR java-1_8_0-openjdk-devel-1.8.0.181-3.10 is installed OR java-1_8_0-openjdk-headless-1.8.0.181-3.10 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_28-default-5-2 is installed OR kernel-livepatch-SLE15_Update_8-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_7-default-5-2 is installed OR kernel-livepatch-SLE15-SP1_Update_2-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information ceph-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-base-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-fuse-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-grafana-dashboards-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mds-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-dashboard-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-diskprediction-cloud-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-diskprediction-local-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-rook-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mgr-ssh-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-mon-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-osd-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-radosgw-14.2.1.468+g994fd9e0cc-3.3 is installed OR ceph-test-14.2.1.468+g994fd9e0cc-3.3 is installed OR cephfs-shell-14.2.1.468+g994fd9e0cc-3.3 is installed OR rbd-fuse-14.2.1.468+g994fd9e0cc-3.3 is installed OR rbd-mirror-14.2.1.468+g994fd9e0cc-3.3 is installed OR rbd-nbd-14.2.1.468+g994fd9e0cc-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information dovecot23-2.3.3-4.13 is installed OR dovecot23-backend-mysql-2.3.3-4.13 is installed OR dovecot23-backend-pgsql-2.3.3-4.13 is installed OR dovecot23-backend-sqlite-2.3.3-4.13 is installed OR dovecot23-devel-2.3.3-4.13 is installed OR dovecot23-fts-2.3.3-4.13 is installed OR dovecot23-fts-lucene-2.3.3-4.13 is installed OR dovecot23-fts-solr-2.3.3-4.13 is installed OR dovecot23-fts-squat-2.3.3-4.13 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs10-10.16.0-1.9 is installed OR nodejs10-devel-10.16.0-1.9 is installed OR nodejs10-docs-10.16.0-1.9 is installed OR npm10-10.16.0-1.9 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information apache2-mod_php7-7.2.5-4.40 is installed OR php7-7.2.5-4.40 is installed OR php7-bcmath-7.2.5-4.40 is installed OR php7-bz2-7.2.5-4.40 is installed OR php7-calendar-7.2.5-4.40 is installed OR php7-ctype-7.2.5-4.40 is installed OR php7-curl-7.2.5-4.40 is installed OR php7-dba-7.2.5-4.40 is installed OR php7-devel-7.2.5-4.40 is installed OR php7-dom-7.2.5-4.40 is installed OR php7-enchant-7.2.5-4.40 is installed OR php7-exif-7.2.5-4.40 is installed OR php7-fastcgi-7.2.5-4.40 is installed OR php7-fileinfo-7.2.5-4.40 is installed OR php7-fpm-7.2.5-4.40 is installed OR php7-ftp-7.2.5-4.40 is installed OR php7-gd-7.2.5-4.40 is installed OR php7-gettext-7.2.5-4.40 is installed OR php7-gmp-7.2.5-4.40 is installed OR php7-iconv-7.2.5-4.40 is installed OR php7-intl-7.2.5-4.40 is installed OR php7-json-7.2.5-4.40 is installed OR php7-ldap-7.2.5-4.40 is installed OR php7-mbstring-7.2.5-4.40 is installed OR php7-mysql-7.2.5-4.40 is installed OR php7-odbc-7.2.5-4.40 is installed OR php7-opcache-7.2.5-4.40 is installed OR php7-openssl-7.2.5-4.40 is installed OR php7-pcntl-7.2.5-4.40 is installed OR php7-pdo-7.2.5-4.40 is installed OR php7-pear-7.2.5-4.40 is installed OR php7-pear-Archive_Tar-7.2.5-4.40 is installed OR php7-pgsql-7.2.5-4.40 is installed OR php7-phar-7.2.5-4.40 is installed OR php7-posix-7.2.5-4.40 is installed OR php7-shmop-7.2.5-4.40 is installed OR php7-snmp-7.2.5-4.40 is installed OR php7-soap-7.2.5-4.40 is installed OR php7-sockets-7.2.5-4.40 is installed OR php7-sqlite-7.2.5-4.40 is installed OR php7-sysvmsg-7.2.5-4.40 is installed OR php7-sysvsem-7.2.5-4.40 is installed OR php7-sysvshm-7.2.5-4.40 is installed OR php7-tokenizer-7.2.5-4.40 is installed OR php7-wddx-7.2.5-4.40 is installed OR php7-xmlreader-7.2.5-4.40 is installed OR php7-xmlrpc-7.2.5-4.40 is installed OR php7-xmlwriter-7.2.5-4.40 is installed OR php7-xsl-7.2.5-4.40 is installed OR php7-zip-7.2.5-4.40 is installed OR php7-zlib-7.2.5-4.40 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information apache-commons-beanutils-1.9.2-1 is installed OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_45-default-5-4 is installed OR kgraft-patch-3_12_74-60_64_45-xen-5-4 is installed OR kgraft-patch-SLE12-SP1_Update_16-5-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information curl-7.37.0-31 is installed OR libcurl4-7.37.0-31 is installed OR libcurl4-32bit-7.37.0-31 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libvirt-2.0.0-27.45 is installed OR libvirt-client-2.0.0-27.45 is installed OR libvirt-daemon-2.0.0-27.45 is installed OR libvirt-daemon-config-network-2.0.0-27.45 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed OR libvirt-daemon-driver-network-2.0.0-27.45 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed OR libvirt-daemon-hooks-2.0.0-27.45 is installed OR libvirt-daemon-lxc-2.0.0-27.45 is installed OR libvirt-daemon-qemu-2.0.0-27.45 is installed OR libvirt-daemon-xen-2.0.0-27.45 is installed OR libvirt-doc-2.0.0-27.45 is installed OR libvirt-lock-sanlock-2.0.0-27.45 is installed OR libvirt-nss-2.0.0-27.45 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND iputils-s20121221-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libopenssl-devel-1.0.2j-60.39 is installed OR libopenssl1_0_0-1.0.2j-60.39 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed OR openssl-1.0.2j-60.39 is installed OR openssl-doc-1.0.2j-60.39 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information cups-filters-1.0.58-19.2 is installed OR cups-filters-cups-browsed-1.0.58-19.2 is installed OR cups-filters-foomatic-rip-1.0.58-19.2 is installed OR cups-filters-ghostscript-1.0.58-19.2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information icu-60.2-3.9 is installed OR libicu-devel-60.2-3.9 is installed OR libicu60_2-60.2-3.9 is installed OR libicu60_2-bedata-60.2-3.9 is installed OR libicu60_2-ledata-60.2-3.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information grub2-2.02-19.48 is installed OR grub2-i386-pc-2.02-19.48 is installed OR grub2-powerpc-ieee1275-2.02-19.48 is installed OR grub2-snapper-plugin-2.02-19.48 is installed OR grub2-systemd-sleep-plugin-2.02-19.48 is installed OR grub2-x86_64-efi-2.02-19.48 is installed OR grub2-x86_64-xen-2.02-19.48 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-25.13 is installed OR kernel-default-extra-4.12.14-25.13 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information xen-4.5.5_14-22.25 is installed OR xen-doc-html-4.5.5_14-22.25 is installed OR xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25 is installed OR xen-libs-4.5.5_14-22.25 is installed OR xen-libs-32bit-4.5.5_14-22.25 is installed OR xen-tools-4.5.5_14-22.25 is installed OR xen-tools-domU-4.5.5_14-22.25 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information nodejs-common-1.0-2 is installed OR nodejs6-6.11.1-11.5 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND clamav-0.100.3-33.29 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed

BACK