(RHSA-2019:3575) Low: elfutils security, bug fix, and enhancement update

2019-11-0518:02:56

access.redhat.com

0.004 Low

EPSS

Percentile

72.4%

JSON

The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version: elfutils (0.176). (BZ#1683705)

Security Fix(es):

elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl (CVE-2019-7146)
elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)
elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)
elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)
elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64elfutils-libs< 0.176-5.el8elfutils-libs-0.176-5.el8.x86_64.rpm
RedHat8ppc64leelfutils-debuginfo< 0.176-5.el8elfutils-debuginfo-0.176-5.el8.ppc64le.rpm
RedHat8x86_64elfutils-libelf-devel-static< 0.176-5.el8elfutils-libelf-devel-static-0.176-5.el8.x86_64.rpm
RedHat8aarch64elfutils-devel-static< 0.176-5.el8elfutils-devel-static-0.176-5.el8.aarch64.rpm
RedHat8s390xelfutils< 0.176-5.el8elfutils-0.176-5.el8.s390x.rpm
RedHat8aarch64elfutils< 0.176-5.el8elfutils-0.176-5.el8.aarch64.rpm
RedHat8s390xelfutils-debugsource< 0.176-5.el8elfutils-debugsource-0.176-5.el8.s390x.rpm
RedHat8i686elfutils-libelf-debuginfo< 0.176-5.el8elfutils-libelf-debuginfo-0.176-5.el8.i686.rpm
RedHat8aarch64elfutils-libelf-devel-static< 0.176-5.el8elfutils-libelf-devel-static-0.176-5.el8.aarch64.rpm
RedHat8ppc64leelfutils-libs-debuginfo< 0.176-5.el8elfutils-libs-debuginfo-0.176-5.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	elfutils-libs	< 0.176-5.el8	elfutils-libs-0.176-5.el8.x86_64.rpm
RedHat	8	ppc64le	elfutils-debuginfo	< 0.176-5.el8	elfutils-debuginfo-0.176-5.el8.ppc64le.rpm
RedHat	8	x86_64	elfutils-libelf-devel-static	< 0.176-5.el8	elfutils-libelf-devel-static-0.176-5.el8.x86_64.rpm
RedHat	8	aarch64	elfutils-devel-static	< 0.176-5.el8	elfutils-devel-static-0.176-5.el8.aarch64.rpm
RedHat	8	s390x	elfutils	< 0.176-5.el8	elfutils-0.176-5.el8.s390x.rpm
RedHat	8	aarch64	elfutils	< 0.176-5.el8	elfutils-0.176-5.el8.aarch64.rpm
RedHat	8	s390x	elfutils-debugsource	< 0.176-5.el8	elfutils-debugsource-0.176-5.el8.s390x.rpm
RedHat	8	i686	elfutils-libelf-debuginfo	< 0.176-5.el8	elfutils-libelf-debuginfo-0.176-5.el8.i686.rpm
RedHat	8	aarch64	elfutils-libelf-devel-static	< 0.176-5.el8	elfutils-libelf-devel-static-0.176-5.el8.aarch64.rpm
RedHat	8	ppc64le	elfutils-libs-debuginfo	< 0.176-5.el8	elfutils-libs-debuginfo-0.176-5.el8.ppc64le.rpm