EulerOS 2.0 SP8 : elfutils (EulerOS-SA-2019-2102)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability...

EulerOS 2.0 SP3 : elfutils (EulerOS-SA-2019-2272)

According to the versions of the elfutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based...

RHEL 8 : elfutils (RHSA-2019:3575)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3575 advisory. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The...

elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

Low: Red Hat Security Advisory: elfutils security, bug fix, and enhancement update

An update for elfutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Amazon Linux 2 : elfutils (ALAS-2019-1337)

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...

Low: elfutils

Issue Overview: An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of...

NewStart CGSL CORE 5.04 / MAIN 5.04 : elfutils Multiple Vulnerabilities (NS-SA-2019-0209)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has elfutils packages installed that are affected by multiple vulnerabilities: - dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based buffer...

elfutils security update

CentOS Errata and Security Advisory CESA-2019:2197 An update for elfutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CentOS 7 : elfutils (CESA-2019:2197)

An update for elfutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Scientific Linux Security Update : elfutils on SL7.x x86_64 (20190806)

The following packages have been upgraded to a later upstream version: elfutils 0.176. Security Fixes : - elfutils: Heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges via crafted file CVE-2018-16062 - elfutils: Double-free due to double decompression of sections in crafted ELF...

Updated elfutils packages fix security vulnerabilities

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service CVE-2017-7607, CVE-2017-7608, CVE-2017-7609,...

elfutils security, bug fix, and enhancement update

0.176-2 - Add elfutils-0.176-xlate-note.patch 1704754 0.176-1 - New upstream release 1676504 CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18521, CVE-2018-18520...

RHEL 7 : elfutils (RHSA-2019:2197)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2197 advisory. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The...

Buffer Overflows

elfutils is vulnerable to heap-based buffer over-read. It is possible in libdw/dwarfgetabbrev.c and libwd/dwarfhasattr.c, leading to an application crash...

Denial Of Service (DoS)

elfutils is vulnerable to denial of service DoS. The attack is due to divide-by-zero error in the function arlibaddsymbols in arlib.c...