[3.6] elfutils: Multiple issues (CVE-2017-7607, CVE-2017-7608)
CVE-2017-7607: Heap-buffer overflow in the handle_gnu_hash function
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows
remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) via a
crafted ELF file.
References:
http://openwall.com/lists/oss-security/2017/04/10/8
https://nvd.nist.gov/vuln/detail/CVE-2017-7607
Patch:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00109.html
CVE-2017-7608: Heap-buffer overflow in the ebl_object_note_type_name function
The ebl_object_note_type_name function in eblobjnotetypename.c in
elfutils 0.168 allows remote attackers to
cause a denial of service (heap-based buffer over-read and application
crash) via a crafted ELF file.
References:
http://openwall.com/lists/oss-security/2017/04/10/9
Patch:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00111.html
(from redmine: issue id 7160, created on 2017-04-18, closed on 2017-05-02)
- Changesets:
- Revision 4a45ace1 on 2017-04-26T12:10:11Z:
main/elfutils: security fixes #7160