Synopsis:          Low: elfutils security, bug fix, and enhancement update
Advisory ID:       SLSA-2019:2197-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-16062
                   CVE-2019-7665
                   CVE-2018-18310
                   CVE-2018-18520
                   CVE-2019-7664
                   CVE-2019-7150
                   CVE-2019-7149
                   CVE-2018-18521
                   CVE-2018-16403
                   CVE-2018-16402
--

The following packages have been upgraded to a later upstream version:
elfutils (0.176).

Security Fix(es):

* elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)

* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)

* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash (CVE-2018-16403)

* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)

* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)

* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)

* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)

* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)
--

SL7
  x86_64
    elfutils-libs-0.176-2.el7.i686.rpm
    elfutils-libelf-devel-0.176-2.el7.i686.rpm
    elfutils-default-yama-scope-0.176-2.el7.noarch.rpm
    elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
    elfutils-libelf-0.176-2.el7.x86_64.rpm
    elfutils-0.176-2.el7.x86_64.rpm
    elfutils-libs-0.176-2.el7.x86_64.rpm
    elfutils-devel-0.176-2.el7.i686.rpm
    elfutils-libelf-0.176-2.el7.i686.rpm
    elfutils-devel-0.176-2.el7.x86_64.rpm
    elfutils-libelf-devel-static-0.176-2.el7.i686.rpm
    elfutils-devel-static-0.176-2.el7.i686.rpm
    elfutils-devel-static-0.176-2.el7.x86_64.rpm
    elfutils-libelf-devel-static-0.176-2.el7.x86_64.rpm
    elfutils-debuginfo-0.176-2.el7.i686.rpm
    elfutils-debuginfo-0.176-2.el7.x86_64.rpm
  noarch
    elfutils-default-yama-scope-0.176-2.el7.noarch.rpm

- Scientific Linux Development Team