Security update for elfutils SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1590-1 Final 1 1 2019-06-19T20:18:43Z current 2019-06-19T20:18:43Z 2019-06-19T20:18:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for elfutils This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1590 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html E-Mail link for openSUSE-SU-2019:1590-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1033084 SUSE Bug 1033084 https://bugzilla.suse.com/1033085 SUSE Bug 1033085 https://bugzilla.suse.com/1033086 SUSE Bug 1033086 https://bugzilla.suse.com/1033087 SUSE Bug 1033087 https://bugzilla.suse.com/1033088 SUSE Bug 1033088 https://bugzilla.suse.com/1033089 SUSE Bug 1033089 https://bugzilla.suse.com/1033090 SUSE Bug 1033090 https://bugzilla.suse.com/1106390 SUSE Bug 1106390 https://bugzilla.suse.com/1107066 SUSE Bug 1107066 https://bugzilla.suse.com/1107067 SUSE Bug 1107067 https://bugzilla.suse.com/1111973 SUSE Bug 1111973 https://bugzilla.suse.com/1112723 SUSE Bug 1112723 https://bugzilla.suse.com/1112726 SUSE Bug 1112726 https://bugzilla.suse.com/1123685 SUSE Bug 1123685 https://bugzilla.suse.com/1125007 SUSE Bug 1125007 https://www.suse.com/security/cve/CVE-2017-7607/ SUSE CVE CVE-2017-7607 page https://www.suse.com/security/cve/CVE-2017-7608/ SUSE CVE CVE-2017-7608 page https://www.suse.com/security/cve/CVE-2017-7609/ SUSE CVE CVE-2017-7609 page https://www.suse.com/security/cve/CVE-2017-7610/ SUSE CVE CVE-2017-7610 page https://www.suse.com/security/cve/CVE-2017-7611/ SUSE CVE CVE-2017-7611 page https://www.suse.com/security/cve/CVE-2017-7612/ SUSE CVE CVE-2017-7612 page https://www.suse.com/security/cve/CVE-2017-7613/ SUSE CVE CVE-2017-7613 page https://www.suse.com/security/cve/CVE-2018-16062/ SUSE CVE CVE-2018-16062 page https://www.suse.com/security/cve/CVE-2018-16402/ SUSE CVE CVE-2018-16402 page https://www.suse.com/security/cve/CVE-2018-16403/ SUSE CVE CVE-2018-16403 page https://www.suse.com/security/cve/CVE-2018-18310/ SUSE CVE CVE-2018-18310 page https://www.suse.com/security/cve/CVE-2018-18520/ SUSE CVE CVE-2018-18520 page https://www.suse.com/security/cve/CVE-2018-18521/ SUSE CVE CVE-2018-18521 page https://www.suse.com/security/cve/CVE-2019-7150/ SUSE CVE CVE-2019-7150 page https://www.suse.com/security/cve/CVE-2019-7665/ SUSE CVE CVE-2019-7665 page openSUSE Leap 15.0 openSUSE Leap 15.1 elfutils-0.168-lp151.4.3.1 elfutils-lang-0.168-lp151.4.3.1 libasm-devel-0.168-lp151.4.3.1 libasm1-0.168-lp151.4.3.1 libasm1-32bit-0.168-lp151.4.3.1 libdw-devel-0.168-lp151.4.3.1 libdw1-0.168-lp151.4.3.1 libdw1-32bit-0.168-lp151.4.3.1 libebl-devel-0.168-lp151.4.3.1 libebl-plugins-0.168-lp151.4.3.1 libebl-plugins-32bit-0.168-lp151.4.3.1 libelf-devel-0.168-lp151.4.3.1 libelf-devel-32bit-0.168-lp151.4.3.1 libelf1-0.168-lp151.4.3.1 libelf1-32bit-0.168-lp151.4.3.1 elfutils-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 elfutils-lang-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libasm-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libasm1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libasm1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libdw-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libdw1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libdw1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libebl-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libebl-plugins-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libebl-plugins-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libelf-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libelf-devel-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libelf1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 libelf1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.0 elfutils-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 elfutils-lang-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libasm-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libasm1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libasm1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libdw-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libdw1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libdw1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libebl-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libebl-plugins-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libebl-plugins-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libelf-devel-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libelf-devel-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libelf1-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 libelf1-32bit-0.168-lp151.4.3.1 as a component of openSUSE Leap 15.1 The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVE-2017-7607 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7607.html CVE-2017-7607 https://bugzilla.suse.com/1033084 SUSE Bug 1033084 The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVE-2017-7608 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7608.html CVE-2017-7608 https://bugzilla.suse.com/1033085 SUSE Bug 1033085 elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. CVE-2017-7609 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7609.html CVE-2017-7609 https://bugzilla.suse.com/1033086 SUSE Bug 1033086 The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVE-2017-7610 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7610.html CVE-2017-7610 https://bugzilla.suse.com/1033087 SUSE Bug 1033087 The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVE-2017-7611 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7611.html CVE-2017-7611 https://bugzilla.suse.com/1033088 SUSE Bug 1033088 The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. CVE-2017-7612 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7612.html CVE-2017-7612 https://bugzilla.suse.com/1033089 SUSE Bug 1033089 elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. CVE-2017-7613 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2017-7613.html CVE-2017-7613 https://bugzilla.suse.com/1033090 SUSE Bug 1033090 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16062 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-16062.html CVE-2018-16062 https://bugzilla.suse.com/1106390 SUSE Bug 1106390 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. CVE-2018-16402 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-16402.html CVE-2018-16402 https://bugzilla.suse.com/1107066 SUSE Bug 1107066 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. CVE-2018-16403 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-16403.html CVE-2018-16403 https://bugzilla.suse.com/1107067 SUSE Bug 1107067 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. CVE-2018-18310 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-18310.html CVE-2018-18310 https://bugzilla.suse.com/1111973 SUSE Bug 1111973 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. CVE-2018-18520 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-18520.html CVE-2018-18520 https://bugzilla.suse.com/1112726 SUSE Bug 1112726 Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. CVE-2018-18521 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2018-18521.html CVE-2018-18521 https://bugzilla.suse.com/1112723 SUSE Bug 1112723 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. CVE-2019-7150 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2019-7150.html CVE-2019-7150 https://bugzilla.suse.com/1123685 SUSE Bug 1123685 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. CVE-2019-7665 openSUSE Leap 15.0:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.0:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.0:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.0:libelf1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-0.168-lp151.4.3.1 openSUSE Leap 15.1:elfutils-lang-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libasm1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libdw1-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-0.168-lp151.4.3.1 openSUSE Leap 15.1:libebl-plugins-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf-devel-32bit-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-0.168-lp151.4.3.1 openSUSE Leap 15.1:libelf1-32bit-0.168-lp151.4.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://www.suse.com/security/cve/CVE-2019-7665.html CVE-2019-7665 https://bugzilla.suse.com/1125007 SUSE Bug 1125007