Operating System:

[RedHat]

Published:

08 August 2019

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3021
            elfutils security, bug fix, and enhancement update
                               8 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           elfutils
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-7665 CVE-2019-7664 CVE-2019-7150
                   CVE-2019-7149 CVE-2018-18521 CVE-2018-18520
                   CVE-2018-18310 CVE-2018-16403 CVE-2018-16402
                   CVE-2018-16062  

Reference:         ESB-2019.2435
                   ESB-2019.2120
                   ESB-2019.0587

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2019:2197

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: elfutils security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:2197-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2197
Issue date:        2019-08-06
CVE Names:         CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 
                   CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 
                   CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 
                   CVE-2019-7665 
=====================================================================

1. Summary:

An update for elfutils is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version:
elfutils (0.176). (BZ#1676504)

Security Fix(es):

* elfutils: Heap-based buffer over-read in
libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
(CVE-2018-16062)

* elfutils: Double-free due to double decompression of sections in crafted
ELF causes crash (CVE-2018-16402)

* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and
libwd/dwarf_hasattr.c causes crash (CVE-2018-16403)

* elfutils: invalid memory address dereference was discovered in
dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)

* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)

* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
(CVE-2018-18521)

* elfutils: heap-based buffer over-read in read_srclines in
dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c
(CVE-2019-7150)

* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h
(CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in
elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1623752 - CVE-2018-16062 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
1625050 - CVE-2018-16402 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash
1625055 - CVE-2018-16403 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash
1642604 - CVE-2018-18310 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl
1646477 - CVE-2018-18520 elfutils: eu-size cannot handle recursive ar files
1646482 - CVE-2018-18521 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
1671443 - CVE-2019-7149 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw
1671446 - CVE-2019-7150 elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c
1677536 - CVE-2019-7664 elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h
1677538 - CVE-2019-7665 elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c
1704754 - elfutils xlate (cross-endian) functions might not convert an ELF Note header

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
elfutils-0.176-2.el7.src.rpm

noarch:
elfutils-default-yama-scope-0.176-2.el7.noarch.rpm

x86_64:
elfutils-0.176-2.el7.x86_64.rpm
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-libelf-0.176-2.el7.i686.rpm
elfutils-libelf-0.176-2.el7.x86_64.rpm
elfutils-libs-0.176-2.el7.i686.rpm
elfutils-libs-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-0.176-2.el7.i686.rpm
elfutils-devel-0.176-2.el7.x86_64.rpm
elfutils-devel-static-0.176-2.el7.i686.rpm
elfutils-devel-static-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-0.176-2.el7.i686.rpm
elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-static-0.176-2.el7.i686.rpm
elfutils-libelf-devel-static-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
elfutils-0.176-2.el7.src.rpm

noarch:
elfutils-default-yama-scope-0.176-2.el7.noarch.rpm

x86_64:
elfutils-0.176-2.el7.x86_64.rpm
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-libelf-0.176-2.el7.i686.rpm
elfutils-libelf-0.176-2.el7.x86_64.rpm
elfutils-libs-0.176-2.el7.i686.rpm
elfutils-libs-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-0.176-2.el7.i686.rpm
elfutils-devel-0.176-2.el7.x86_64.rpm
elfutils-devel-static-0.176-2.el7.i686.rpm
elfutils-devel-static-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-0.176-2.el7.i686.rpm
elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-static-0.176-2.el7.i686.rpm
elfutils-libelf-devel-static-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
elfutils-0.176-2.el7.src.rpm

noarch:
elfutils-default-yama-scope-0.176-2.el7.noarch.rpm

ppc64:
elfutils-0.176-2.el7.ppc64.rpm
elfutils-debuginfo-0.176-2.el7.ppc.rpm
elfutils-debuginfo-0.176-2.el7.ppc64.rpm
elfutils-devel-0.176-2.el7.ppc.rpm
elfutils-devel-0.176-2.el7.ppc64.rpm
elfutils-libelf-0.176-2.el7.ppc.rpm
elfutils-libelf-0.176-2.el7.ppc64.rpm
elfutils-libelf-devel-0.176-2.el7.ppc.rpm
elfutils-libelf-devel-0.176-2.el7.ppc64.rpm
elfutils-libs-0.176-2.el7.ppc.rpm
elfutils-libs-0.176-2.el7.ppc64.rpm

ppc64le:
elfutils-0.176-2.el7.ppc64le.rpm
elfutils-debuginfo-0.176-2.el7.ppc64le.rpm
elfutils-devel-0.176-2.el7.ppc64le.rpm
elfutils-libelf-0.176-2.el7.ppc64le.rpm
elfutils-libelf-devel-0.176-2.el7.ppc64le.rpm
elfutils-libs-0.176-2.el7.ppc64le.rpm

s390x:
elfutils-0.176-2.el7.s390x.rpm
elfutils-debuginfo-0.176-2.el7.s390.rpm
elfutils-debuginfo-0.176-2.el7.s390x.rpm
elfutils-devel-0.176-2.el7.s390.rpm
elfutils-devel-0.176-2.el7.s390x.rpm
elfutils-libelf-0.176-2.el7.s390.rpm
elfutils-libelf-0.176-2.el7.s390x.rpm
elfutils-libelf-devel-0.176-2.el7.s390.rpm
elfutils-libelf-devel-0.176-2.el7.s390x.rpm
elfutils-libs-0.176-2.el7.s390.rpm
elfutils-libs-0.176-2.el7.s390x.rpm

x86_64:
elfutils-0.176-2.el7.x86_64.rpm
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-0.176-2.el7.i686.rpm
elfutils-devel-0.176-2.el7.x86_64.rpm
elfutils-libelf-0.176-2.el7.i686.rpm
elfutils-libelf-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-0.176-2.el7.i686.rpm
elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
elfutils-libs-0.176-2.el7.i686.rpm
elfutils-libs-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
elfutils-debuginfo-0.176-2.el7.ppc.rpm
elfutils-debuginfo-0.176-2.el7.ppc64.rpm
elfutils-devel-static-0.176-2.el7.ppc.rpm
elfutils-devel-static-0.176-2.el7.ppc64.rpm
elfutils-libelf-devel-static-0.176-2.el7.ppc.rpm
elfutils-libelf-devel-static-0.176-2.el7.ppc64.rpm

ppc64le:
elfutils-debuginfo-0.176-2.el7.ppc64le.rpm
elfutils-devel-static-0.176-2.el7.ppc64le.rpm
elfutils-libelf-devel-static-0.176-2.el7.ppc64le.rpm

s390x:
elfutils-debuginfo-0.176-2.el7.s390.rpm
elfutils-debuginfo-0.176-2.el7.s390x.rpm
elfutils-devel-static-0.176-2.el7.s390.rpm
elfutils-devel-static-0.176-2.el7.s390x.rpm
elfutils-libelf-devel-static-0.176-2.el7.s390.rpm
elfutils-libelf-devel-static-0.176-2.el7.s390x.rpm

x86_64:
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-static-0.176-2.el7.i686.rpm
elfutils-devel-static-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-static-0.176-2.el7.i686.rpm
elfutils-libelf-devel-static-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
elfutils-0.176-2.el7.src.rpm

noarch:
elfutils-default-yama-scope-0.176-2.el7.noarch.rpm

x86_64:
elfutils-0.176-2.el7.x86_64.rpm
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-0.176-2.el7.i686.rpm
elfutils-devel-0.176-2.el7.x86_64.rpm
elfutils-libelf-0.176-2.el7.i686.rpm
elfutils-libelf-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-0.176-2.el7.i686.rpm
elfutils-libelf-devel-0.176-2.el7.x86_64.rpm
elfutils-libs-0.176-2.el7.i686.rpm
elfutils-libs-0.176-2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
elfutils-debuginfo-0.176-2.el7.i686.rpm
elfutils-debuginfo-0.176-2.el7.x86_64.rpm
elfutils-devel-static-0.176-2.el7.i686.rpm
elfutils-devel-static-0.176-2.el7.x86_64.rpm
elfutils-libelf-devel-static-0.176-2.el7.i686.rpm
elfutils-libelf-devel-static-0.176-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16062
https://access.redhat.com/security/cve/CVE-2018-16402
https://access.redhat.com/security/cve/CVE-2018-16403
https://access.redhat.com/security/cve/CVE-2018-18310
https://access.redhat.com/security/cve/CVE-2018-18520
https://access.redhat.com/security/cve/CVE-2018-18521
https://access.redhat.com/security/cve/CVE-2019-7149
https://access.redhat.com/security/cve/CVE-2019-7150
https://access.redhat.com/security/cve/CVE-2019-7664
https://access.redhat.com/security/cve/CVE-2019-7665
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXUl3qtzjgjWX9erEAQj3ORAAhg86S45ctlnwL4Me7VDFUT4nymzdVHJt
FAZUZVHPkslvxLNCi0zdsfpDEvXcQNr78kDDq2+357ZYmgx6XvOhPONWjVjPDqY+
J+MaKkCzfDU7a48AGg5SlTwnWNWTgIvcVE3/P8WQZa7EIUAEFw7ceRCyoQMhRSnI
11lOO59NPpCCFWXa6KiACsin5Pgr7+770jQSVhJYqvhZPvpUnCMTR9ypkgUlGV9B
Ex28M711yz8ew0stBMNJ9gTYJmuvh0mebN4kfCKJUSa13lekbJ8aa/Bp9EWuYO0n
g4N1xvnQkEdktc1mgm/MqFRLyz57aEKMuF8xZnTRTd3qYuGfQFPR492SmJ4VMMGx
lb/6shLaAXDnjaPPJlWE1+oy25apFjACnQ8ky3A1w3PNpE5ETO0HVZcFmJMIeH+I
ozgwy5rK/DoAB8f7vPL7W4ZlRYe498itBBZUIJV1fI/wDSKE/mVcy/b1oTm/lDCu
T2D4qeJfpY9VGaEKEuFf7+5ZXSQM3andxQxFMYOBaLghow1ZIx3M80kQgBtdjSqP
a6uTkxWrs6uFO82/8r2fZedSMsgiinH36uVXbVSJVhrwluFap44LLEt+PsPyIE0Y
GTfroM3A6eArVEJzUkOZcVGSKHrsOozNjmRnx+/fFPGCo6VjxkY4zKPZauB9+aTg
TH73WCGXpoA=
=4I1u
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXUuyDmaOgq3Tt24GAQgnSA//Zuiw0yQp+gT+EFxVBq0nMkScvL9ee7UO
lcp4kapJXz85l/R9oKsrmO1L5YsPVhxX/ym6Gv6mxZmc4BPXF2j72YkwSEZRGcLS
EjsPMCt3a1tx71BR9Y2gMBmBWW1C/zfmfxwCRfxgRS4zmMXvo9Ql/loZMrc5M8CO
a1zdAG0MWvqI3VQhKT3xTzbwgOgdMCqkFMepVPUcVsXWs2Je3G039pj+Z7pfQo1P
cXf2w4l9K/lmSAyWhLbLsHH/RDZxuHnPtkD7PhzIFIkTyob0kM4pgICmKrcxvFHx
A/2ncWUkeNnSlVfTlHuGeFzGCP8pxleYsLQnZkWJkOsDwCtEqDx4fmWgehhm5d0h
+0JEsKNRoQaIQHDYIlLkwaz35Df4hUc5KfKp7LJva1821Og6x28UqcmtP1UHvfBh
PA78d9dYaom0rf4W67nkiAb80dD57MuPKwMoDdLNVgNaDb6PFJaEVKdXL98YRpCj
KFL5CS2ZU4osLZxviuxrFH4JXzDx9T5X/l1kKkMXbD5Cc/TyXlEkuqDoE8dRlCLZ
Fbq8xHGkMfp0esbtV0SyguB6GmOB5JgQxq4ANkg3becpEaxxeJsjGPIHm1EeNXVN
Dl88pTTOWhUm2ACjSqqSEGpcCURn/GJWElEbXiqwD/pIBXivySK1z0LRjFOqBTCV
gNuPEOvitJ8=
=2ae/
-----END PGP SIGNATURE-----