Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7369-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.12.2025.7369.1

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-7369-1)

Resumen: The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.

Vulnerability Insight:
It was discovered that readelf from elfutils could be made to read out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04
LTS. (CVE-2024-25260)

It was discovered that readelf from elfutils could be made to write out of
bounds. If a user or automated system were tricked into running readelf
on a specially crafted file, an attacker could cause readelf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 24.10. (CVE-2025-1371)

It was discovered that readelf from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
readelf on a specially crafted file, an attacker could cause readelf to
crash, resulting in a denial of service. (CVE-2025-1372)

It was discovered that strip from elfutils could be made to dereference
invalid memory. If a user or automated system were tricked into running
strip on a specially crafted file, an attacker could cause strip to
crash, resulting in a denial of service. (CVE-2025-1377)

Affected Software/OS:
'elfutils' package(s) on Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-25260
https://github.com/schsiung/fuzzer_issues/issues/1
https://sourceware.org/bugzilla/show_bug.cgi?id=31058
https://sourceware.org/elfutils/
Common Vulnerability Exposure (CVE) ID: CVE-2025-1365
Common Vulnerability Exposure (CVE) ID: CVE-2025-1371
Common Vulnerability Exposure (CVE) ID: CVE-2025-1372
Common Vulnerability Exposure (CVE) ID: CVE-2025-1377

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7369.1
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7369-1)
Resumen:	The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'elfutils' package(s) announced via the USN-7369-1 advisory. Vulnerability Insight: It was discovered that readelf from elfutils could be made to read out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-25260) It was discovered that readelf from elfutils could be made to write out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1371) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. (CVE-2025-1372) It was discovered that strip from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running strip on a specially crafted file, an attacker could cause strip to crash, resulting in a denial of service. (CVE-2025-1377) Affected Software/OS: 'elfutils' package(s) on Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ Common Vulnerability Exposure (CVE) ID: CVE-2025-1365 Common Vulnerability Exposure (CVE) ID: CVE-2025-1371 Common Vulnerability Exposure (CVE) ID: CVE-2025-1372 Common Vulnerability Exposure (CVE) ID: CVE-2025-1377
Copyright	Copyright (C) 2025 Greenbone AG