9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
An update that fixes 19 vulnerabilities, contains one
feature is now available.
Description:
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
Update to version 0.176:
Update to version 0.175:
Update to version 0.174:
libelf, libdw and all tools now handle extended shnum and shstrndx
correctly.
elfcompress: Don’t rewrite input file if no section data needs updating.
Try harder to keep same file mode bits (suid) on rewrite.
strip: Handle mixed (out of order) allocated/non-allocated sections.
unstrip: Handle SHT_GROUP sections.
backends: RISCV and M68K now have backend implementations to generate
CFI based backtraces.
Fixes:
Update to version 0.173:
Update to version 0.172:
Update to version 0.171:
DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr,
.debug_line_str, .debug_loclists, .debug_str_offsets and
.debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of
the existing .debug sections. Also in split DWARF .dwo (DWARF object)
files. This support is mostly handled by existing functions
(dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.)
now returning the data from the new sections and data formats. But some
new functions have been added to more easily get information about
skeleton and split compile units (dwarf_get_units and dwarf_cu_info),
handle new attribute data (dwarf_getabbrevattr_data) and to keep
references to Dwarf_Dies that might come from different sections or
files (dwarf_die_addr_die).
Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf
Supplementary) files, the .debug_names index, the .debug_cu_index and
.debug_tu_index sections. Only a single .debug_info (and .debug_types)
section are currently handled.
readelf: Handle all new DWARF5 sections.
–debug-dump=info+ will show split unit DIEs when found.
–dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to
resolve the alt file on first use of an alt attribute FORM when not set
yet with dwarf_set_alt. dwarf_aggregate_size() now works with
multi-dimensional arrays.
libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows. The sha1 and md5
implementations have been removed, they weren’t used.
Update to version 0.170:
Update to version 0.169:
dwarves is shipped new in version 1.22 to provide tooling for use by the
Linux Kernel BTF verification framework.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2614=1
SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2614=1
SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1
SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2614=1
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P