==========================================================================
Ubuntu Security Notice USN-3670-1
June 05, 2018

elfutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

elfutils could be made to crash or consume resources if it opened a
specially crafted file.

Software Description:
– elfutils: collection of utilities to handle ELF objects

Details:

Agostino Sarubbo discovered that elfutils incorrectly handled certain
malformed ELF files. If a user or automated system were tricked into
processing a specially crafted ELF file, elfutils could be made to crash or
consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
elfutils 0.165-3ubuntu1.1
libasm1 0.165-3ubuntu1.1
libdw1 0.165-3ubuntu1.1
libelf1 0.165-3ubuntu1.1

Ubuntu 14.04 LTS:
elfutils 0.158-0ubuntu5.3
libasm1 0.158-0ubuntu5.3
libdw1 0.158-0ubuntu5.3
libelf1 0.158-0ubuntu5.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3670-1
CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612,
CVE-2017-7613

Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.165-3ubuntu1.1
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsWsYIACgkQZWnYVadE
vpMnORAAuzrS+kO5WHVm6+82CSqog/v1ZKPlos8jSJg5Ug+ek9Z/5Z0kVkkzaNSj
5iD4XLdNMIHFsV8xvr+b+VzB9t1fOomq8nZ5sV5D9kRImsSBoP5KUMVYNfzDXvaz
eqo0jsw5SFRUtAyur2YN2MPzUPNKeI2ed/CcpNOKRH9X7RaV+P4ulzNPHGxYbgFl
3VRR6veIB7+0FOa+W/eaErDTaMmyH0zWcUtEqELgGdkch1y3L/370m5S0XCGVp9V
+C5crrs7/2Tbpp+J4nKcGB0yr/5AFn2Jx8SQFoYMSeAgeFJFKZenWN4N2t2ILukH
otB1vviMTPNMjLJn38RqZBtillJEgKNi+cTLRTyxvhu5RHaSsFkZmRAmVisdLN5A
2THA+XuXku9DLV9/k2BINJGvgLGVUY7H2LrxMWM2Q4ntl4jH4s/CiKJyxzWp1YOf
cdPz7P7ytLlChqYxQm7hrOjtplxEH6lXPdR57zVHtdX6zGkNRyPhHyLHzWPbsPxl
503uVFT9RN2+dBXIe0sMBjnu5ukexkg/uMQTvtZs7AXJTuJgSrwcW2cUNQJm8WxJ
qtVXLCOUti+oo+HRZdCZbhPqmKhET/QLpBPOdamIY1wUJEiTfnP+t6WLYRCM8u0m
qaN7k/oF8Y9Ald8bWtkmHZiiNS/paXRB9XG/USM4zo1AAp6r4lA=
=G21G
—–END PGP SIGNATURE—–
—