elfutils-0.167-1.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10570-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z elfutils-0.167-1.5 on GA media These are all security issues fixed in the elfutils-0.167-1.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10570 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-0172/ SUSE CVE CVE-2014-0172 page https://www.suse.com/security/cve/CVE-2014-9447/ SUSE CVE CVE-2014-9447 page openSUSE Tumbleweed elfutils-0.167-1.5 elfutils-lang-0.167-1.5 libasm-devel-0.167-1.5 libasm1-0.167-1.5 libasm1-32bit-0.167-1.5 libdw-devel-0.167-1.5 libdw1-0.167-1.5 libdw1-32bit-0.167-1.5 libebl-devel-0.167-1.5 libebl1-0.167-1.5 libebl1-32bit-0.167-1.5 libelf-devel-0.167-1.5 libelf-devel-32bit-0.167-1.5 libelf1-0.167-1.5 libelf1-32bit-0.167-1.5 elfutils-0.167-1.5 as a component of openSUSE Tumbleweed elfutils-lang-0.167-1.5 as a component of openSUSE Tumbleweed libasm-devel-0.167-1.5 as a component of openSUSE Tumbleweed libasm1-0.167-1.5 as a component of openSUSE Tumbleweed libasm1-32bit-0.167-1.5 as a component of openSUSE Tumbleweed libdw-devel-0.167-1.5 as a component of openSUSE Tumbleweed libdw1-0.167-1.5 as a component of openSUSE Tumbleweed libdw1-32bit-0.167-1.5 as a component of openSUSE Tumbleweed libebl-devel-0.167-1.5 as a component of openSUSE Tumbleweed libebl1-0.167-1.5 as a component of openSUSE Tumbleweed libebl1-32bit-0.167-1.5 as a component of openSUSE Tumbleweed libelf-devel-0.167-1.5 as a component of openSUSE Tumbleweed libelf-devel-32bit-0.167-1.5 as a component of openSUSE Tumbleweed libelf1-0.167-1.5 as a component of openSUSE Tumbleweed libelf1-32bit-0.167-1.5 as a component of openSUSE Tumbleweed Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. CVE-2014-0172 openSUSE Tumbleweed:elfutils-0.167-1.5 openSUSE Tumbleweed:elfutils-lang-0.167-1.5 openSUSE Tumbleweed:libasm-devel-0.167-1.5 openSUSE Tumbleweed:libasm1-0.167-1.5 openSUSE Tumbleweed:libasm1-32bit-0.167-1.5 openSUSE Tumbleweed:libdw-devel-0.167-1.5 openSUSE Tumbleweed:libdw1-0.167-1.5 openSUSE Tumbleweed:libdw1-32bit-0.167-1.5 openSUSE Tumbleweed:libebl-devel-0.167-1.5 openSUSE Tumbleweed:libebl1-0.167-1.5 openSUSE Tumbleweed:libebl1-32bit-0.167-1.5 openSUSE Tumbleweed:libelf-devel-0.167-1.5 openSUSE Tumbleweed:libelf-devel-32bit-0.167-1.5 openSUSE Tumbleweed:libelf1-0.167-1.5 openSUSE Tumbleweed:libelf1-32bit-0.167-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0172.html CVE-2014-0172 https://bugzilla.suse.com/872785 SUSE Bug 872785 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. CVE-2014-9447 openSUSE Tumbleweed:elfutils-0.167-1.5 openSUSE Tumbleweed:elfutils-lang-0.167-1.5 openSUSE Tumbleweed:libasm-devel-0.167-1.5 openSUSE Tumbleweed:libasm1-0.167-1.5 openSUSE Tumbleweed:libasm1-32bit-0.167-1.5 openSUSE Tumbleweed:libdw-devel-0.167-1.5 openSUSE Tumbleweed:libdw1-0.167-1.5 openSUSE Tumbleweed:libdw1-32bit-0.167-1.5 openSUSE Tumbleweed:libebl-devel-0.167-1.5 openSUSE Tumbleweed:libebl1-0.167-1.5 openSUSE Tumbleweed:libebl1-32bit-0.167-1.5 openSUSE Tumbleweed:libelf-devel-0.167-1.5 openSUSE Tumbleweed:libelf-devel-32bit-0.167-1.5 openSUSE Tumbleweed:libelf1-0.167-1.5 openSUSE Tumbleweed:libelf1-32bit-0.167-1.5 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9447.html CVE-2014-9447 https://bugzilla.suse.com/911662 SUSE Bug 911662 https://bugzilla.suse.com/912408 SUSE Bug 912408