Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2019-3575.NASL
HistoryNov 06, 2019 - 12:00 a.m.

RHEL 8 : elfutils (RHSA-2019:3575)

2019-11-0600:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

6.9 Medium

AI Score

Confidence

High

JSON

An update for elfutils is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version:
elfutils (0.176). (BZ#1683705)

Security Fix(es) :

  • elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl (CVE-2019-7146)

  • elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)

  • elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)

  • elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)

  • elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2019:3575. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(130553);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/15");

  script_cve_id(
    "CVE-2019-7146",
    "CVE-2019-7149",
    "CVE-2019-7150",
    "CVE-2019-7664",
    "CVE-2019-7665"
  );
  script_xref(name:"RHSA", value:"2019:3575");

  script_name(english:"RHEL 8 : elfutils (RHSA-2019:3575)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"An update for elfutils is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security
impact of Low. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link (s) in the References section.

The elfutils packages contain a number of utility programs and
libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version:
elfutils (0.176). (BZ#1683705)

Security Fix(es) :

* elfutils: buffer over-read in the ebl_object_note function in
eblobjnote.c in libebl (CVE-2019-7146)

* elfutils: heap-based buffer over-read in read_srclines in
dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in
libelf/elf32_xlatetom.c (CVE-2019-7150)

* elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
(CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in
elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.");
  # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?774148ae");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:3575");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-7146");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-7149");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-7150");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-7664");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-7665");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7665");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-7149");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-default-yama-scope");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:elfutils-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2019:3575";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-debugsource-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-debugsource-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-debugsource-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-debugsource-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", reference:"elfutils-default-yama-scope-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libelf-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libelf-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libelf-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-libelf-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libelf-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libelf-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libelf-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libelf-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libelf-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libelf-devel-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-libelf-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libelf-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libelf-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libelf-devel-static-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libs-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libs-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libs-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"elfutils-libs-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"elfutils-libs-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"elfutils-libs-debuginfo-0.176-5.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"elfutils-libs-debuginfo-0.176-5.el8")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils / elfutils-debuginfo / elfutils-debugsource / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxelfutilsp-cpe:/a:redhat:enterprise_linux:elfutils
redhatenterprise_linuxelfutils-debuginfop-cpe:/a:redhat:enterprise_linux:elfutils-debuginfo
redhatenterprise_linuxelfutils-debugsourcep-cpe:/a:redhat:enterprise_linux:elfutils-debugsource
redhatenterprise_linuxelfutils-default-yama-scopep-cpe:/a:redhat:enterprise_linux:elfutils-default-yama-scope
redhatenterprise_linuxelfutils-develp-cpe:/a:redhat:enterprise_linux:elfutils-devel
redhatenterprise_linuxelfutils-devel-staticp-cpe:/a:redhat:enterprise_linux:elfutils-devel-static
redhatenterprise_linuxelfutils-libelfp-cpe:/a:redhat:enterprise_linux:elfutils-libelf
redhatenterprise_linuxelfutils-libelf-debuginfop-cpe:/a:redhat:enterprise_linux:elfutils-libelf-debuginfo
redhatenterprise_linuxelfutils-libelf-develp-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel
redhatenterprise_linuxelfutils-libelf-devel-staticp-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel-static
Rows per page:
1-10 of 131

Related

nessus 29
redhat 3
oraclelinux 2
archlinux 1
openvas 18
fedora 1
f5 1
centos 1
amazon 1
cve 5
ubuntucve 5
alpinelinux 5
osv 8
veracode 5
prion 5
debiancve 5
cloudfoundry 1
ubuntu 2
redhatcve 5
suse 3
mageia 1
debian 2
photon 6
nessus
nessus
Oracle Linux 8 : elfutils (ELSA-2019-3575)
2023-09-07 00:00:00
CentOS 8 : elfutils (CESA-2019:3575)
2021-01-29 00:00:00
Fedora 29 : elfutils (2019-44a9d99647)
2019-02-19 00:00:00
redhat
redhat
(RHSA-2019:3575) Low: elfutils security, bug fix, and enhancement update
2019-11-05 18:02:56
(RHSA-2019:2197) Low: elfutils security, bug fix, and enhancement update
2019-08-06 08:12:18
(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update
2020-10-27 14:57:54
oraclelinux
oraclelinux
elfutils security, bug fix, and enhancement update
2019-11-14 00:00:00
elfutils security, bug fix, and enhancement update
2019-08-13 00:00:00
archlinux
archlinux
[ASA-201903-9] libelf: denial of service
2019-03-18 00:00:00
openvas
openvas
Fedora Update for elfutils FEDORA-2019-44a9d99647
2019-05-07 00:00:00
Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-2141)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2020-1448)
2020-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: elfutils-0.176-1.fc29
2019-02-18 02:05:55
f5
f5
K21426934 : Multiple elfutils vulnerabilities
2022-04-25 00:00:00
centos
centos
elfutils security update
2019-08-30 02:43:56
amazon
amazon
Low: elfutils
2019-10-21 18:01:00
cve
cve
CVE-2019-7664
2019-02-09 16:29:00
CVE-2019-7149
2019-01-29 00:29:00
CVE-2019-7665
2019-02-09 16:29:00
ubuntucve
ubuntucve
CVE-2019-7664
2019-02-09 00:00:00
CVE-2019-7150
2019-01-28 00:00:00
CVE-2019-7149
2019-01-28 00:00:00
alpinelinux
alpinelinux
CVE-2019-7664
2019-02-09 16:29:00
CVE-2019-7146
2019-01-29 00:29:00
CVE-2019-7149
2019-01-29 00:29:00
osv
osv
CVE-2019-7664
2019-02-09 16:29:00
CVE-2019-7665
2019-02-09 16:29:00
CVE-2019-7146
2019-01-29 00:29:00
veracode
veracode
Denial Of Service (DoS)
2019-08-08 00:07:56
Buffer Over-Read
2019-08-08 00:07:56
Denial Of Service (DoS)
2019-08-08 00:07:56
prion
prion
Buffer overflow
2019-02-09 16:29:00
Heap overflow
2019-01-29 00:29:00
Heap overflow
2019-02-09 16:29:00
debiancve
debiancve
CVE-2019-7664
2019-02-09 16:29:00
CVE-2019-7665
2019-02-09 16:29:00
CVE-2019-7150
2019-01-29 00:29:00
cloudfoundry
cloudfoundry
USN-4012-1: elfutils vulnerabilities | Cloud Foundry
2019-06-18 00:00:00
ubuntu
ubuntu
elfutils vulnerabilities
2019-06-10 00:00:00
elfutils vulnerabilities
2023-08-30 00:00:00
redhatcve
redhatcve
CVE-2019-7664
2019-10-12 02:22:30
CVE-2019-7665
2019-02-15 08:20:29
CVE-2019-7150
2019-01-31 15:50:33
suse
suse
Security update for dwarves and elfutils (moderate)
2022-09-01 00:00:00
Security update for dwarves and elfutils (moderate)
2022-08-01 00:00:00
Security update for elfutils (moderate)
2019-06-20 00:00:00
mageia
mageia
Updated elfutils packages fix security vulnerabilities
2019-08-18 15:39:41
debian
debian
[SECURITY] [DLA 1689-1] elfutils security update
2019-02-25 21:35:38
[SECURITY] [DLA 2802-1] elfutils security update
2021-10-30 21:53:24
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0164
2019-06-17 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0239
2019-06-17 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0164
2019-06-17 00:00:00

6.9 Medium

AI Score

Confidence

High

JSON
Related for REDHAT-RHSA-2019-3575.NASL
nessus29redhat3oraclelinux2archlinux1openvas18fedora1f51centos1amazon1cve5ubuntucve5alpinelinux5osv8veracode5prion5debiancve5cloudfoundry1ubuntu2redhatcve5suse3mageia1debian2photon6