You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa elfutils

Sigurnosni nedostaci programskog paketa elfutils

——————————————————————————–
Fedora Update Notification
FEDORA-2018-91382c7bd3
2018-11-18 03:55:01.924086
——————————————————————————–

Name : elfutils
Product : Fedora 29
Version : 0.174
Release : 5.fc29
URL : http://elfutils.org/
Summary : A collection of utilities and DSOs to handle ELF files and DWARF data
Description :
Elfutils is a collection of utilities, including stack (to show
backtraces), nm (for listing symbols from object files), size
(for listing the section sizes of an object or archive file),
strip (for discarding symbols), readelf (to see the raw ELF file
structures), elflint (to check for well-formed ELF files) and
elfcompress (to compress or decompress ELF sections).

——————————————————————————–
Update Information:

Add support for ELF version, gnu property and gnu attrbutes notes. Fix eu-strip
/eu-unstrip section group handling. Fixes CVE-2018-18310, CVE-2018-18520 and
CVE-2018-18521.
——————————————————————————–
ChangeLog:

* Wed Nov 14 2018 Mark Wielaard <mjw@fedoraproject.org> – 0.174-5
– Add elfutils-0.174-x86_64_unwind.patch.
– Add elfutils-0.174-gnu-property-note.patch.
– Add elfutils-0.174-version-note.patch.
– Add elfutils-0.174-gnu-attribute-note.patch
* Tue Nov 6 2018 Mark Wielaard <mjw@fedoraproject.org> – 0.174-4
– Add elfutils-0.174-size-rec-ar.patch
CVE-2018-18520 (#1646478)
– Add elfutils-0.174-ar-sh_entsize-zero.patch
CVE-2018-18521 (#1646483)
* Fri Nov 2 2018 Mark Wielaard <mjw@fedoraproject.org> – 0.174-3
– Add elfutils-0.174-libdwfl-sanity-check-core-reads.patch
CVE-2018-18310 (#1642605)
* Wed Oct 17 2018 Mark Wielaard <mjw@fedoraproject.org> – 0.174-2
– Add elfutils-0.174-strip-unstrip-group.patch.
——————————————————————————–
References:

[ 1 ] Bug #1642604 – CVE-2018-18310 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl
https://bugzilla.redhat.com/show_bug.cgi?id=1642604
[ 2 ] Bug #1646477 – CVE-2018-18520 elfutils: Invalid Memory Address Dereference exists in the function elf_end in libelf
https://bugzilla.redhat.com/show_bug.cgi?id=1646477
[ 3 ] Bug #1646482 – CVE-2018-18521 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://bugzilla.redhat.com/show_bug.cgi?id=1646482
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-91382c7bd3’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa chromium-browser

Otkriven je sigurnosni nedostatak u programskom paketu chromium-browser. Otkriveni nedostatak potencijalnim napadačima omogućuje čitanje podataka izvan granica dodijeljenje memorije. Savjetuje...

Close