Univention Bugzilla – Bug 54008
elfutils: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:46 CET
New Debian elfutils 0.168-1+deb9u1 fixes: This update addresses the following issues: * Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062) * Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402) * invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310) * eu-size cannot handle recursive ar files (CVE-2018-18520) * Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521) * segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150) * heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/elfutils_0.168-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/elfutils_0.168-1+deb9u1.dsc @@ -1,3 +1,24 @@ +0.168-1+deb9u1 [Sat, 30 Oct 2021 14:54:50 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw + allowed a denial of service (heap-based buffer over-read) via a + crafted file. + * CVE-2018-16402: libelf/elf_end.c in allowed to cause a denial of + service (double free and application crash) because it tried to + decompress twice. + * CVE-2018-18310: An invalid memory address dereference libdwfl + allowed a denial of service (application crash) via a crafted file. + * CVE-2018-18520: A use-after-free in recursive ELF ar files + allowed a denial of service (application crash) via a crafted file. + * CVE-2018-18521: A divide-by-zero in arlib_add_symbols() + allowed a denial of service (application crash) via a crafted file. + * CVE-2019-7150: A segmentation fault could occur due to + dwfl_segment_report_module() not checking whether the dyn data read + from a core file is truncated. + * CVE-2019-7665: NT_PLATFORM core notes contain a zero terminated string + allowed a denial of service (application crash) via a crafted file. + 0.168-1 [Sat, 27 May 2017 15:05:37 +0200] Kurt Roeckx <kurt@roeckx.be>: * Fix CVE-2017-7607 (Closes: #859996) <http://piuparts.knut.univention.de/4.4-8/#8627010309702121101>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1081>