Oval Definition:oval:org.opensuse.security:def:74253
Revision Date:2020-12-01Version:1
Title:Security update for elfutils (Moderate)
Description:

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

This update was imported from the SUSE:SLE-15:Update update project.
Family:unixClass:patch
Status:Reference(s):1033084
1033085
1033086
1033087
1033088
1033089
1033090
1073313
1106390
1107066
1107067
1111388
1111973
1112723
1112726
1114845
1123685
1125007
1143194
1143273
CVE-2017-17740
CVE-2017-7607
CVE-2017-7608
CVE-2017-7609
CVE-2017-7610
CVE-2017-7611
CVE-2017-7612
CVE-2017-7613
CVE-2018-16062
CVE-2018-16402
CVE-2018-16403
CVE-2018-18310
CVE-2018-18520
CVE-2018-18521
CVE-2019-13057
CVE-2019-13565
CVE-2019-7150
CVE-2019-7665
openSUSE-SU-2019:1590-1
openSUSE-SU-2019:2157-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • elfutils-0.168-lp151.4.3 is installed
  • OR elfutils-lang-0.168-lp151.4.3 is installed
  • OR libasm-devel-0.168-lp151.4.3 is installed
  • OR libasm1-0.168-lp151.4.3 is installed
  • OR libasm1-32bit-0.168-lp151.4.3 is installed
  • OR libdw-devel-0.168-lp151.4.3 is installed
  • OR libdw1-0.168-lp151.4.3 is installed
  • OR libdw1-32bit-0.168-lp151.4.3 is installed
  • OR libebl-devel-0.168-lp151.4.3 is installed
  • OR libebl-plugins-0.168-lp151.4.3 is installed
  • OR libebl-plugins-32bit-0.168-lp151.4.3 is installed
  • OR libelf-devel-0.168-lp151.4.3 is installed
  • OR libelf-devel-32bit-0.168-lp151.4.3 is installed
  • OR libelf1-0.168-lp151.4.3 is installed
  • OR libelf1-32bit-0.168-lp151.4.3 is installed
  • BACK