ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0222
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0222)
Resumen:	The remote host is missing an update for the 'elfutils' package(s) announced via the MGASA-2019-0222 advisory.
Descripción:	Summary: The remote host is missing an update for the 'elfutils' package(s) announced via the MGASA-2019-0222 advisory. Vulnerability Insight: It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665). In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash) (CVE-2019-7664). Affected Software/OS: 'elfutils' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7607 BugTraq ID: 98608 http://www.securityfocus.com/bid/98608 https://security.gentoo.org/glsa/201710-10 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c SuSE Security Announcement: openSUSE-SU-2019:1590 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://usn.ubuntu.com/3670-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7608 BugTraq ID: 98609 http://www.securityfocus.com/bid/98609 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html Common Vulnerability Exposure (CVE) ID: CVE-2017-7609 https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7610 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7611 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7612 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7613 https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c Common Vulnerability Exposure (CVE) ID: CVE-2018-16062 https://sourceware.org/bugzilla/show_bug.cgi?id=23541 https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html RedHat Security Advisories: RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:2197 https://usn.ubuntu.com/4012-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16402 https://sourceware.org/bugzilla/show_bug.cgi?id=23528 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-16403 https://sourceware.org/bugzilla/show_bug.cgi?id=23529 https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda Common Vulnerability Exposure (CVE) ID: CVE-2018-18310 https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18520 https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18521 https://sourceware.org/bugzilla/show_bug.cgi?id=23786 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7149 https://sourceware.org/bugzilla/show_bug.cgi?id=24102 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html RedHat Security Advisories: RHSA-2019:3575 https://access.redhat.com/errata/RHSA-2019:3575 Common Vulnerability Exposure (CVE) ID: CVE-2019-7150 https://sourceware.org/bugzilla/show_bug.cgi?id=24103 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7664 https://sourceware.org/bugzilla/show_bug.cgi?id=24084 Common Vulnerability Exposure (CVE) ID: CVE-2019-7665 https://sourceware.org/bugzilla/show_bug.cgi?id=24089 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.