Test ID:	1.3.6.1.4.1.25623.1.1.10.2019.0222
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2019-0222)
Summary:	The remote host is missing an update for the 'elfutils' package(s) announced via the MGASA-2019-0222 advisory.
Description:	Summary: The remote host is missing an update for the 'elfutils' package(s) announced via the MGASA-2019-0222 advisory. Vulnerability Insight: It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665). In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash) (CVE-2019-7664). Affected Software/OS: 'elfutils' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7607 BugTraq ID: 98608 http://www.securityfocus.com/bid/98608 https://security.gentoo.org/glsa/201710-10 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c SuSE Security Announcement: openSUSE-SU-2019:1590 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://usn.ubuntu.com/3670-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7608 BugTraq ID: 98609 http://www.securityfocus.com/bid/98609 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html Common Vulnerability Exposure (CVE) ID: CVE-2017-7609 https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7610 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7611 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7612 https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c Common Vulnerability Exposure (CVE) ID: CVE-2017-7613 https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c Common Vulnerability Exposure (CVE) ID: CVE-2018-16062 https://sourceware.org/bugzilla/show_bug.cgi?id=23541 https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html RedHat Security Advisories: RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:2197 https://usn.ubuntu.com/4012-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16402 https://sourceware.org/bugzilla/show_bug.cgi?id=23528 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-16403 https://sourceware.org/bugzilla/show_bug.cgi?id=23529 https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda Common Vulnerability Exposure (CVE) ID: CVE-2018-18310 https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18520 https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18521 https://sourceware.org/bugzilla/show_bug.cgi?id=23786 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7149 https://sourceware.org/bugzilla/show_bug.cgi?id=24102 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html RedHat Security Advisories: RHSA-2019:3575 https://access.redhat.com/errata/RHSA-2019:3575 Common Vulnerability Exposure (CVE) ID: CVE-2019-7150 https://sourceware.org/bugzilla/show_bug.cgi?id=24103 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html Common Vulnerability Exposure (CVE) ID: CVE-2019-7664 https://sourceware.org/bugzilla/show_bug.cgi?id=24084 Common Vulnerability Exposure (CVE) ID: CVE-2019-7665 https://sourceware.org/bugzilla/show_bug.cgi?id=24089 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.