An update that fixes 19 vulnerabilities, contains one
feature is now available.
Description:
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset. Decode
DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only
returns NULL when there is an error reading or decompressing a file. If
the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option. Do NOT use this for system
installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 -
CVE-2019-7150: dwfl_segment_report_module doesn’t check whether the
dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated
string (CVE is a bit misleading, as this is not a bug in libelf as
described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU
Property, NT_VERSION and GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only
option. Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and
BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle
SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function
arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are files
(bsc#1112726)
Update to version 0.174:
-
libelf, libdw and all tools now handle extended shnum and shstrndx
correctly.
-
elfcompress: Don’t rewrite input file if no section data needs updating.
Try harder to keep same file mode bits (suid) on rewrite.
-
strip: Handle mixed (out of order) allocated/non-allocated sections.
-
unstrip: Handle SHT_GROUP sections.
-
backends: RISCV and M68K now have backend implementations to generate
CFI based backtraces.
-
Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to
decompress the same section twice (bsc#1107066) Double-free crash in
nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular
various functions now detect and break infinite loops caused by bad DIE
tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section). Removed dwarf_getscn_info, which was
never implemented.
- backends: Handle BPF simple relocations. The RISCV backends now handles
ABI specific CFI and knows about RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
-
DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr,
.debug_line_str, .debug_loclists, .debug_str_offsets and
.debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of
the existing .debug sections. Also in split DWARF .dwo (DWARF object)
files. This support is mostly handled by existing functions
(dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.)
now returning the data from the new sections and data formats. But some
new functions have been added to more easily get information about
skeleton and split compile units (dwarf_get_units and dwarf_cu_info),
handle new attribute data (dwarf_getabbrevattr_data) and to keep
references to Dwarf_Dies that might come from different sections or
files (dwarf_die_addr_die).
-
Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf
Supplementary) files, the .debug_names index, the .debug_cu_index and
.debug_tu_index sections. Only a single .debug_info (and .debug_types)
section are currently handled.
-
readelf: Handle all new DWARF5 sections.
–debug-dump=info+ will show split unit DIEs when found.
–dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
-
libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to
resolve the alt file on first use of an alt attribute FORM when not set
yet with dwarf_set_alt. dwarf_aggregate_size() now works with
multi-dimensional arrays.
-
libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows. The sha1 and md5
implementations have been removed, they weren’t used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language
code, calling convention, defaulted member function and macro constants
to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer
unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
(readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name
(eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a
crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don’t make elfutils recommend elfutils-lang as elfutils-lang already
supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the
Linux Kernel BTF verification framework.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2614=1
-
SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2614=1
-
SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1
-
SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2614=1