Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7369-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.12.2025.7369.1

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu: Security Advisory (USN-7369-1)

Zusammenfassung: The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.

Vulnerability Insight:
It was discovered that readelf from elfutils could be made to read out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04
LTS. (CVE-2024-25260)

It was discovered that readelf from elfutils could be made to write out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 24.10. (CVE-2025-1371)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. (CVE-2025-1372)

It was discovered that strip from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
strip on a specially crafted file, an attacker could cause strip to
crash, resulting in a denial of service. (CVE-2025-1377)

Affected Software/OS:
'elfutils' package(s) on Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-25260
https://github.com/schsiung/fuzzer_issues/issues/1
https://sourceware.org/bugzilla/show_bug.cgi?id=31058
https://sourceware.org/elfutils/
Common Vulnerability Exposure (CVE) ID: CVE-2025-1365
Common Vulnerability Exposure (CVE) ID: CVE-2025-1371
Common Vulnerability Exposure (CVE) ID: CVE-2025-1372
Common Vulnerability Exposure (CVE) ID: CVE-2025-1377

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.12.2025.7369.1
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory (USN-7369-1)
Zusammenfassung:	The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory. Vulnerability Insight: It was discovered that readelf from elfutils could be made to read out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-25260) It was discovered that readelf from elfutils could be made to write out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1371) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. (CVE-2025-1372) It was discovered that strip from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running strip on a specially crafted file, an attacker could cause strip to crash, resulting in a denial of service. (CVE-2025-1377) Affected Software/OS: 'elfutils' package(s) on Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ Common Vulnerability Exposure (CVE) ID: CVE-2025-1365 Common Vulnerability Exposure (CVE) ID: CVE-2025-1371 Common Vulnerability Exposure (CVE) ID: CVE-2025-1372 Common Vulnerability Exposure (CVE) ID: CVE-2025-1377
Copyright	Copyright (C) 2025 Greenbone AG