elfutils: Double-free due to double decompression of sections in crafted ELF causes crash

libelf/elfend.c in elfutils 0.173 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact because it tries to decompress twice...

elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...

elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c

Divide-by-zero vulnerabilities in the function arlibaddsymbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by eu-ranlib, because a zero shentsize is mishandled...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

elfutils: eu-size cannot handle recursive ar files

An Invalid Memory Address Dereference exists in the function elfend in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handlear in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a...

elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl

An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...

elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarfgetabbrev in dwarfgetabbrev.c and dwarfhasattr in dwarfhasattr.c, leading to a heap-based buffer over-read and an application crash...

SUSE SLED12 / SLES12 Security Update : elfutils (SUSE-SU-2019:1733-1)

This update for elfutils fixes the following issues : Security issues fixed : CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service bsc1107067. CVE-2016-10254: Fixed a memory allocation failure in alloxateelf bsc1030472. CVE-2019-7665: NTPLATFORM core file...

SUSE-SU-2019:1733-1 Security update for elfutils

This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service bsc1107067. - CVE-2016-10254: Fixed a memory allocation failure in alloxateelf bsc1030472. - CVE-2019-7665: NTPLATFORM core fi...

Photon OS 3.0: Elfutils PHSA-2019-3.0-0015

An update of the elfutils package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid126111;...

Photon OS 1.0: Elfutils PHSA-2019-1.0-0239

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0239. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 2.0: Elfutils PHSA-2019-2.0-0164

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0164. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Security update for elfutils (moderate)

openSUSE Security Update: Security update for elfutils Announcement ID: openSUSE-SU-2019:1590-1 Rating: moderate References: 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 Cross-References: CVE-2017-7607 CVE-2017-7608...

Critical Photon OS Security Update - PHSA-2019-3.0-0021

Updates of 'python2', 'linux-aws', 'linux', 'linux-esx', 'linux-secure', 'elfutils' packages of Photon OS have been released...

openSUSE Security Update : elfutils (openSUSE-2019-1590)

This update for elfutils fixes the following issues : Security issues fixed : - CVE-2017-7607: Fixed a heap-based buffer overflow in handlegnuhash bsc1033084 - CVE-2017-7608: Fixed a heap-based buffer overflow in eblobjectnotetypename bsc1033085 - CVE-2017-7609: Fixed a memory allocation failure ...

Critical Photon OS Security Update - PHSA-2019-0021

Updates of 'python2', 'elfutils', 'linux-esx', 'linux', 'linux-secure', 'linux-aws' packages of Photon OS have been released...

openSUSE: Security Advisory for elfutils (openSUSE-SU-2019:1590-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2019:1590-1 Security update for elfutils

This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handlegnuhash bsc1033084 - CVE-2017-7608: Fixed a heap-based buffer overflow in eblobjectnotetypename bsc1033085 - CVE-2017-7609: Fixed a memory allocation failure in...