EulerOS Virtualization for ARM 64 3.0.5.0 : elfutils (EulerOS-SA-2020-1055)

According to the versions of the elfutils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through...

NewStart CGSL CORE 5.05 / MAIN 5.05 : elfutils Multiple Vulnerabilities (NS-SA-2019-0258)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has elfutils packages installed that are affected by multiple vulnerabilities: - dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based buffer...

EulerOS 2.0 SP3 : elfutils (EulerOS-SA-2019-2573)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a...

EulerOS 2.0 SP5 : elfutils (EulerOS-SA-2019-2523)

According to the version of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - DISPUTED An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote...

EulerOS 2.0 SP2 : elfutils (EulerOS-SA-2019-2510)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Divide-by-zero vulnerabilities in the function arlibaddsymbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of servic...

EulerOS Virtualization for ARM 64 3.0.3.0 : elfutils (EulerOS-SA-2019-2313)

According to the versions of the elfutils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarfgetabbrev in dwarfgetabbrev.c and...

elfutils security, bug fix, and enhancement update

0.176-5 - Add elfutils-0.176-strip-symbols-illformed.patch 0.176-4 - Add elfutils-0.176-elf-update.patch 1717349 0.176-3 - Rebuilt for annobin change. 0.176-2 - Add elfutils-0.176-xlate-note.patch 1705138 0.176-1 - New upstream release. - backends: riscv improved core file and return value locati...

EulerOS 2.0 SP5 : elfutils (EulerOS-SA-2019-2141)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based...

EulerOS 2.0 SP8 : elfutils (EulerOS-SA-2019-2102)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability...

EulerOS 2.0 SP3 : elfutils (EulerOS-SA-2019-2272)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based...

RHEL 8 : elfutils (RHSA-2019:3575)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3575 advisory. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The...

elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

Low: Red Hat Security Advisory: elfutils security, bug fix, and enhancement update

An update for elfutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

new packages: gcc-toolset-9-elfutils

An update is available for gcc-toolset-9-elfutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent version...

new packages: gcc-toolset-9-elfutils

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-elfutils packages to AlmaLinux Eneterprise Linux 8. For instructions on usage, see Using GCC...

Amazon Linux 2 : elfutils (ALAS-2019-1337)

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...