elfutils-0.176-2.el7

Errata ID: AXSA:2019-3992:02
Release date: Wednesday, August 14, 2019 - 13:37
Subject: elfutils-0.176-2.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version: elfutils (0.176). (BZ#1676504)

Security Fix(es):

* elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)

* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)

* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash (CVE-2018-16403)

* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)

* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)

* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)

* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)

* elfutils: Out-of-bounds write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-16062
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-16402
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16403
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
CVE-2018-18310
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
CVE-2018-18520
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVE-2018-18521
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVE-2019-7149
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
CVE-2019-7664
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7665
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. elfutils-0.176-2.el7.src.rpm
    MD5: a7bd4eae525bcbabc1821ff8e9b818f0
    SHA-256: ef98e377712c260117894afee3ee0bab93fdb9b45a92cfd691f87de49cf05ff4
    Size: 8.29 MB

Asianux Server 7 for x86_64
  1. elfutils-0.176-2.el7.x86_64.rpm
    MD5: 6fc5245c0e5c7f21df13736682ca72a7
    SHA-256: 6330ca56fce9d530da3f976c881266b45b1da4f9c55ab83d193f2e0010cbb16b
    Size: 303.87 kB
  2. elfutils-default-yama-scope-0.176-2.el7.noarch.rpm
    MD5: 4b175f1b7e54e3abc6b565452cd6e59f
    SHA-256: ba46e4e078079757f435faa20744962923ff95d7ca915381450164d57ca883d1
    Size: 31.66 kB
  3. elfutils-devel-0.176-2.el7.x86_64.rpm
    MD5: 5f9d8e76c68a77a297cc9b4c50e4d67e
    SHA-256: cee3358a0295f7ba73d5e98975ede81fe4361afa9355f0b46a92edfb8ab316a3
    Size: 88.86 kB
  4. elfutils-libelf-0.176-2.el7.x86_64.rpm
    MD5: a6c1a366c2e032b6c7e5d6e70655aa87
    SHA-256: a617e238f1a3d724b2b92081f6cecc037b8175b99d21dc2736585d514f00cee9
    Size: 193.50 kB
  5. elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
    MD5: 208ba028af66b2e19883c894513c5c82
    SHA-256: 27b5ce51cf3f34a54f107b55bba65d9406abe4ddf69a90ad26fb5d8108ddbdba
    Size: 38.53 kB
  6. elfutils-libs-0.176-2.el7.x86_64.rpm
    MD5: c508a4bbaf265caf93e0d439b493eb32
    SHA-256: 6b297a89f76b8f824cf0c8357a7556f4a17822db25944dc2b44ca2bccd939a19
    Size: 289.65 kB
  7. elfutils-devel-0.176-2.el7.i686.rpm
    MD5: e7a0b2896c77007bf8884d71d685b352
    SHA-256: 4a089d6a2d0dc18ba115261225c18e5d52233094fcf955bf1dc202e3a8359225
    Size: 90.18 kB
  8. elfutils-libelf-0.176-2.el7.i686.rpm
    MD5: 4e22ec0eccb6a3197c2f72a15c089296
    SHA-256: fc0ff5858d69225524c59305ae2a3df5b54e22d9ec76045eed8537b83193da97
    Size: 198.86 kB
  9. elfutils-libelf-devel-0.176-2.el7.i686.rpm
    MD5: def930955302397c4c28fb1cfd83a9b4
    SHA-256: a9c4d67d370a2fd770d4b2426801beb3ee21968a6743ee090fcb651981fd77aa
    Size: 38.56 kB
  10. elfutils-libs-0.176-2.el7.i686.rpm
    MD5: f25e5a0f560dee505d7464af2bde311a
    SHA-256: 816b36275e4b437570326325d036c56eddf1c7734cf6baf0be0f087c9d7512d9
    Size: 316.82 kB
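To confirm the update called for in the Solution section, the following is an added shell helper (not part of the advisory or of the elfutils project): it checks downloaded RPMs against the SHA-256 digests listed above and compares the installed elfutils version-release with the fixed build 0.176-2.el7. The script name check_elfutils.sh is an assumption.

```shell
#!/bin/sh
# Added helper, not part of the advisory or of elfutils itself.
# 1) verify downloaded RPMs against the SHA-256 digests listed above;
# 2) report whether the installed elfutils is at or above the fixed build.
set -u
FIXED_VR="0.176-2.el7"   # version-release of the fixed package

# Digests copied from the advisory's Download list (x86_64 binaries shown;
# extend the table with the remaining entries as needed).
expected_sha256() {
  case "$1" in
    elfutils-0.176-2.el7.x86_64.rpm)        echo 6330ca56fce9d530da3f976c881266b45b1da4f9c55ab83d193f2e0010cbb16b ;;
    elfutils-libelf-0.176-2.el7.x86_64.rpm) echo a617e238f1a3d724b2b92081f6cecc037b8175b99d21dc2736585d514f00cee9 ;;
    elfutils-libs-0.176-2.el7.x86_64.rpm)   echo 6b297a89f76b8f824cf0c8357a7556f4a17822db25944dc2b44ca2bccd939a19 ;;
    *) return 1 ;;
  esac
}

# verify_sha256 FILE EXPECTED_HEX: succeeds only when the digests match.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# version_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# GNU sort -V orders these version-release strings correctly; rpmdev-vercmp
# is the authoritative comparison when it is available.
version_at_least() {
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  [ "$lowest" = "$2" ]
}

# Query the RPM database when present; non-RPM hosts just skip this step.
check_installed() {
  command -v rpm >/dev/null 2>&1 || { echo "rpm not found; skipping installed check"; return 0; }
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' elfutils) || { echo "elfutils not installed"; return 0; }
  if version_at_least "$installed" "$FIXED_VR"; then
    echo "elfutils-$installed is at or above the fixed build $FIXED_VR"
  else
    echo "elfutils-$installed is below $FIXED_VR; apply the update"
    return 1
  fi
}

# Usage: sh check_elfutils.sh /path/to/elfutils-0.176-2.el7.x86_64.rpm ...
for f in "$@"; do
  exp=$(expected_sha256 "$(basename "$f")") || { echo "no digest listed for $f"; continue; }
  if verify_sha256 "$f" "$exp"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
check_installed
```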