|
|
Subscribe / Log in / New account

Debian alert DLA-3579-1 (elfutils)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3579-1] elfutils security update


Date:
              Sat, 23 Sep 2023 16:56:12 +0000


Message-ID:
              <alpine.DEB.2.21.2309231652310.24177@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3579-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 23, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : elfutils
Version        : 0.176-1.1+deb10u1
CVE ID         : CVE-2020-21047


An issue has been found in elfutils, a collection of utilities to handle 
ELF objects.
Due to missing bound checks and reachable asserts, an attacker can 
use crafted elf files to trigger application crashes that result in 
denial-of-services.

For Debian 10 buster, this problem has been fixed in version
0.176-1.1+deb10u1.

We recommend that you upgrade your elfutils packages.

For the detailed security status of elfutils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/elfutils

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUPGK1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdKoA/9H8PG4zV62/qQUBNZpEiVNC2ZU60S2R2guXvJ+1X2PpHD6rDLnfTcx4kh
NO2UC4S4CeYXMfkfgYAR6Kf/3s3hVyhqOa4wPBggbU7CBwtam6Q9gBs9CaAETSbb
bGf6B30YfozkeoAhOCU6q/2/KcbO3SSk/QPi3lXTOHILecKYkrpIuUWA2stA+mPQ
zkFRW+CkLzTUhEEP37T1WSdFL//lbI/BgEBsgKvEnb9G+LeAKlqoivS3i2cMgCCs
zojwZt2wlvrLyNKgelJ+zw/4rUz4t74YpxET2cW3KHSCeSDhHg68TkaqAbHIuW7s
VDhlp4Iiu86qs9xnfyXfsxQVrOzIGwHYE5K+AKIhSDSOA9NNxhODtbYQfVnodSD1
KX87csHpwSFgE9uT+5U5UaKwp8N7nXrIeu6tUJqrOZPmsbIMlc+W4H+Q0YvMQDLD
a4VMmynUbXOL15GmVAuTyoTa0cv5myHPjsdt9FD5t5foEl2+1ZG+4Kmf6vf3kDKn
ype8veNgDKToiF+OuO9Zrez5vWiX4DWa6PP2yg0QPIXrcltuxYUa+r0F89loyn5Y
Ryl1hFrp6DrhHHgtrcISkXJn520kgSZNv4OZDND0JgsRVr1FxC1QkPun20RdDj2l
/nWyzWwsJMbcF+nvCfb3OJ9ghj12eadIaYEFfpjAn7brbAbPHxo=
=YXt/
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds