Source | Text Version

QSN-4012-1: elfutils vulnerabilities

June 10, 2019

Summary

Several security issues were fixed in elfutils.

Details

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service.

References

https://usn.ubuntu.com/4012-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-16062

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-16402

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-16403

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-18310

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-18520

http://people.canonical.com/~ubuntu-security/cve/CVE-2018-18521

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-7149

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-7150

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-7665

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l elfutils

If the current version you have is before 0.165-3ubuntu1.2, run the following:

$ sudo apt-get update
$ sudo apt-get install elfutils

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libasm1

If the current version you have is before 0.165-3ubuntu1.2, run the following:

$ sudo apt-get update
$ sudo apt-get install libasm1

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libdw1

If the current version you have is before 0.165-3ubuntu1.2, run the following:

$ sudo apt-get update
$ sudo apt-get install libdw1

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l libelf1

If the current version you have is before 0.165-3ubuntu1.2, run the following:

$ sudo apt-get update
$ sudo apt-get install libelf1

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.