PT-2019-1676 · Red Hat +5 · Elfutils +6

🗓️ 10 Oct 2018 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

Elfutils 0.175 has a segfault in elf64 xlatetom from truncated core data, causing denial of service; workaround is to disable the elf64 xlatetom in libelf/elf32 xlatetom.c.

Reporter	Title	Published	Views	Family All 583
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs	29 Apr 202502:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	25 Feb 201920:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM CICS TX Advanced is vulnerable to a Denial of Service (CVE-2021-33294 and CVE-2020-21047).	1 Feb 202414:18	–	ibm
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2019-1337)	25 Oct 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2023-2197)	14 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2023-2259)	20 Sep 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0041: elfutils (ALINUX3-SA-2022:0041)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : elfutils (CESA-2019:3575)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : elfutils (CESA-2019:2197)	30 Aug 201900:00	–	nessus
Tenable Nessus	Debian DLA-1689-1 : elfutils security update	26 Feb 201900:00	–	nessus

Source	Link
sourceware	www.sourceware.org/bugzilla/show_bug.cgi
bdu	www.bdu.fstec.ru/vul/2019-01237
bdu	www.bdu.fstec.ru/vul/2021-01428
ubuntu	www.ubuntu.com/security/CVE-2019-7150
bdu	www.bdu.fstec.ru/vul/2019-01235
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
ubuntu	www.ubuntu.com/security/CVE-2019-7665
errata	www.errata.altlinux.org/ALT-PU-2019-1249
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
bdu	www.bdu.fstec.ru/vul/2023-07670

30 Aug 2023 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.5 - 9.8

CVSS 27.5

CVSS 36.5

EPSS0.01961

SSVC