Updated elfutils packages fix security vulnerabilities
Publication date: 18 Aug 2019
Modification date: 18 Aug 2019
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665
Description
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665).

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted ELF input causes a segmentation fault, leading to a denial of service (program crash) (CVE-2019-7664).
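The class of check involved in CVE-2019-7664, shown as an added example: this is not elfutils code and does not reproduce elf_cvt_note. It walks ELF note records in a buffer and rejects name and descriptor sizes that do not fit, doing the 4-byte rounding in 64-bit arithmetic so a crafted size cannot wrap. The names `count_notes` and `note_align4` are hypothetical, and host byte order and 4-byte note alignment are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOTE_HDR_SIZE 12u /* n_namesz, n_descsz, n_type: three 32-bit words */

/* Round up to a multiple of 4 in 64 bits; in 32 bits 0xFFFFFFFD would wrap to 0. */
static uint64_t note_align4(uint32_t n)
{
    return ((uint64_t)n + 3u) & ~(uint64_t)3u;
}

/* Count well-formed notes in buf[0..len); return -1 if any record is malformed. */
long count_notes(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    long count = 0;

    while (off < len) {
        uint32_t namesz, descsz;
        size_t remaining = len - off;

        if (remaining < NOTE_HDR_SIZE)
            return -1; /* truncated header */
        memcpy(&namesz, buf + off, 4);
        memcpy(&descsz, buf + off + 4, 4);
        remaining -= NOTE_HDR_SIZE;

        /* Compare against what is left instead of adding sizes to an offset. */
        uint64_t name_len = note_align4(namesz);
        if (name_len > remaining)
            return -1;
        remaining -= (size_t)name_len;
        uint64_t desc_len = note_align4(descsz);
        if (desc_len > remaining)
            return -1;
        off += NOTE_HDR_SIZE + (size_t)name_len + (size_t)desc_len;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: namesz=4, descsz=4, type=1, name "GNU", zeroed desc. */
    unsigned char note[20] = {0};
    uint32_t hdr[3] = {4, 4, 1}, crafted = 0xFFFFFFFDu;
    memcpy(note, hdr, sizeof hdr);
    memcpy(note + 12, "GNU", 4);
    printf("valid: %ld\n", count_notes(note, sizeof note));
    memcpy(note + 4, &crafted, 4); /* constructed: descsz rounds up past 2^32 */
    printf("crafted: %ld\n", count_notes(note, sizeof note));
    return 0;
}
```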
References
- https://bugs.mageia.org/show_bug.cgi?id=23160
- https://usn.ubuntu.com/3670-1/
- https://usn.ubuntu.com/4012-1/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665
SRPMS
6/core
- elfutils-0.176-1.mga6