debuginfod-dummy-client-0.185-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10733 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z debuginfod-dummy-client-0.185-3.1 on GA media These are all security issues fixed in the debuginfod-dummy-client-0.185-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10733 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10733 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-18310/ SUSE CVE CVE-2018-18310 page https://www.suse.com/security/cve/CVE-2019-7146/ SUSE CVE CVE-2019-7146 page https://www.suse.com/security/cve/CVE-2019-7664/ SUSE CVE CVE-2019-7664 page openSUSE Tumbleweed debuginfod-dummy-client-0.185-3.1 elfutils-0.185-3.1 elfutils-lang-0.185-3.1 libasm-devel-0.185-3.1 libasm1-0.185-3.1 libasm1-32bit-0.185-3.1 libdebuginfod-dummy-devel-0.185-3.1 libdebuginfod1-dummy-0.185-3.1 libdw-devel-0.185-3.1 libdw1-0.185-3.1 libdw1-32bit-0.185-3.1 libelf-devel-0.185-3.1 libelf-devel-32bit-0.185-3.1 libelf1-0.185-3.1 libelf1-32bit-0.185-3.1 debuginfod-dummy-client-0.185-3.1 as a component of openSUSE Tumbleweed elfutils-0.185-3.1 as a component of openSUSE Tumbleweed elfutils-lang-0.185-3.1 as a component of openSUSE Tumbleweed libasm-devel-0.185-3.1 as a component of openSUSE Tumbleweed libasm1-0.185-3.1 as a component of openSUSE Tumbleweed libasm1-32bit-0.185-3.1 as a component of openSUSE Tumbleweed libdebuginfod-dummy-devel-0.185-3.1 as a component of openSUSE Tumbleweed libdebuginfod1-dummy-0.185-3.1 as a component of openSUSE Tumbleweed libdw-devel-0.185-3.1 as a component of openSUSE Tumbleweed libdw1-0.185-3.1 as a component of openSUSE Tumbleweed libdw1-32bit-0.185-3.1 as a component of openSUSE Tumbleweed libelf-devel-0.185-3.1 as a component of openSUSE Tumbleweed libelf-devel-32bit-0.185-3.1 as a component of openSUSE Tumbleweed libelf1-0.185-3.1 as a component of openSUSE Tumbleweed libelf1-32bit-0.185-3.1 as a component of openSUSE Tumbleweed An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. CVE-2018-18310 openSUSE Tumbleweed:debuginfod-dummy-client-0.185-3.1 openSUSE Tumbleweed:elfutils-0.185-3.1 openSUSE Tumbleweed:elfutils-lang-0.185-3.1 openSUSE Tumbleweed:libasm-devel-0.185-3.1 openSUSE Tumbleweed:libasm1-0.185-3.1 openSUSE Tumbleweed:libasm1-32bit-0.185-3.1 openSUSE Tumbleweed:libdebuginfod-dummy-devel-0.185-3.1 openSUSE Tumbleweed:libdebuginfod1-dummy-0.185-3.1 openSUSE Tumbleweed:libdw-devel-0.185-3.1 openSUSE Tumbleweed:libdw1-0.185-3.1 openSUSE Tumbleweed:libdw1-32bit-0.185-3.1 openSUSE Tumbleweed:libelf-devel-0.185-3.1 openSUSE Tumbleweed:libelf-devel-32bit-0.185-3.1 openSUSE Tumbleweed:libelf1-0.185-3.1 openSUSE Tumbleweed:libelf1-32bit-0.185-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18310.html CVE-2018-18310 https://bugzilla.suse.com/1111973 SUSE Bug 1111973 In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. CVE-2019-7146 openSUSE Tumbleweed:debuginfod-dummy-client-0.185-3.1 openSUSE Tumbleweed:elfutils-0.185-3.1 openSUSE Tumbleweed:elfutils-lang-0.185-3.1 openSUSE Tumbleweed:libasm-devel-0.185-3.1 openSUSE Tumbleweed:libasm1-0.185-3.1 openSUSE Tumbleweed:libasm1-32bit-0.185-3.1 openSUSE Tumbleweed:libdebuginfod-dummy-devel-0.185-3.1 openSUSE Tumbleweed:libdebuginfod1-dummy-0.185-3.1 openSUSE Tumbleweed:libdw-devel-0.185-3.1 openSUSE Tumbleweed:libdw1-0.185-3.1 openSUSE Tumbleweed:libdw1-32bit-0.185-3.1 openSUSE Tumbleweed:libelf-devel-0.185-3.1 openSUSE Tumbleweed:libelf-devel-32bit-0.185-3.1 openSUSE Tumbleweed:libelf1-0.185-3.1 openSUSE Tumbleweed:libelf1-32bit-0.185-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7146.html CVE-2019-7146 https://bugzilla.suse.com/1123545 SUSE Bug 1123545 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). CVE-2019-7664 openSUSE Tumbleweed:debuginfod-dummy-client-0.185-3.1 openSUSE Tumbleweed:elfutils-0.185-3.1 openSUSE Tumbleweed:elfutils-lang-0.185-3.1 openSUSE Tumbleweed:libasm-devel-0.185-3.1 openSUSE Tumbleweed:libasm1-0.185-3.1 openSUSE Tumbleweed:libasm1-32bit-0.185-3.1 openSUSE Tumbleweed:libdebuginfod-dummy-devel-0.185-3.1 openSUSE Tumbleweed:libdebuginfod1-dummy-0.185-3.1 openSUSE Tumbleweed:libdw-devel-0.185-3.1 openSUSE Tumbleweed:libdw1-0.185-3.1 openSUSE Tumbleweed:libdw1-32bit-0.185-3.1 openSUSE Tumbleweed:libelf-devel-0.185-3.1 openSUSE Tumbleweed:libelf-devel-32bit-0.185-3.1 openSUSE Tumbleweed:libelf1-0.185-3.1 openSUSE Tumbleweed:libelf1-32bit-0.185-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7664.html CVE-2019-7664 https://bugzilla.suse.com/1125008 SUSE Bug 1125008