SUSE-SU-2019:1733-1 -- SLES elfutils ,libelf, libebl, libdw, libasmID: oval:org.secpod.oval:def:89003290 | Date: (C)2021-02-27 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service . - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf . - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string . - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock . - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read . - CVE-2018-16062: Fixed a heap-buffer-overflow . - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service . - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file . - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash . - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name . - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group . - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols . - CVE-2017-7612: Fixed a denial of service in check_sysv_hash via a crafted ELF file . - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c . - CVE-2018-18520: Fixed bad handling of ar files inside are files .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
elfutils |
libasm |
libdw |
libebl |
libelf |