[USN-3670-1] elfutils vulnerabilities


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============6341636526293840534==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”cpxaHfGAotqeRJ5CVxlifu5C7r7MaBaZm”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–cpxaHfGAotqeRJ5CVxlifu5C7r7MaBaZm
Content-Type: multipart/mixed; boundary=”QJ3suO0ysQcB1NEMd9wC7YWP42VDURL32″;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3670-1] elfutils vulnerabilities

–QJ3suO0ysQcB1NEMd9wC7YWP42VDURL32
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3670-1
June 05, 2018

elfutils vulnerabilities
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

elfutils could be made to crash or consume resources if it opened a
specially crafted file.

Software Description:
– elfutils: collection of utilities to handle ELF objects

Details:

Agostino Sarubbo discovered that elfutils incorrectly handled certain
malformed ELF files. If a user or automated system were tricked into
processing a specially crafted ELF file, elfutils could be made to crash =
or
consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
elfutils 0.165-3ubuntu1.1
libasm1 0.165-3ubuntu1.1
libdw1 0.165-3ubuntu1.1
libelf1 0.165-3ubuntu1.1

Ubuntu 14.04 LTS:
elfutils 0.158-0ubuntu5.3
libasm1 0.158-0ubuntu5.3
libdw1 0.158-0ubuntu5.3
libelf1 0.158-0ubuntu5.3

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3670-1
CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612,
CVE-2017-7613

Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.165-3ubuntu1.1
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.3

–QJ3suO0ysQcB1NEMd9wC7YWP42VDURL32–

–cpxaHfGAotqeRJ5CVxlifu5C7r7MaBaZm
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsWsYIACgkQZWnYVadE
vpMnORAAuzrS+kO5WHVm6+82CSqog/v1ZKPlos8jSJg5Ug+ek9Z/5Z0kVkkzaNSj
5iD4XLdNMIHFsV8xvr+b+VzB9t1fOomq8nZ5sV5D9kRImsSBoP5KUMVYNfzDXvaz
eqo0jsw5SFRUtAyur2YN2MPzUPNKeI2ed/CcpNOKRH9X7RaV+P4ulzNPHGxYbgFl
3VRR6veIB7+0FOa+W/eaErDTaMmyH0zWcUtEqELgGdkch1y3L/370m5S0XCGVp9V
+C5crrs7/2Tbpp+J4nKcGB0yr/5AFn2Jx8SQFoYMSeAgeFJFKZenWN4N2t2ILukH
otB1vviMTPNMjLJn38RqZBtillJEgKNi+cTLRTyxvhu5RHaSsFkZmRAmVisdLN5A
2THA+XuXku9DLV9/k2BINJGvgLGVUY7H2LrxMWM2Q4ntl4jH4s/CiKJyxzWp1YOf
cdPz7P7ytLlChqYxQm7hrOjtplxEH6lXPdR57zVHtdX6zGkNRyPhHyLHzWPbsPxl
503uVFT9RN2+dBXIe0sMBjnu5ukexkg/uMQTvtZs7AXJTuJgSrwcW2cUNQJm8WxJ
qtVXLCOUti+oo+HRZdCZbhPqmKhET/QLpBPOdamIY1wUJEiTfnP+t6WLYRCM8u0m
qaN7k/oF8Y9Ald8bWtkmHZiiNS/paXRB9XG/USM4zo1AAp6r4lA=
=G21G
—–END PGP SIGNATURE—–

–cpxaHfGAotqeRJ5CVxlifu5C7r7MaBaZm–

–===============6341636526293840534==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============6341636526293840534==–