Bugzilla – Bug 872785
VUL-0: CVE-2014-0172: elfutils: Integer overflow in check_section()
Last modified: 2019-02-18 09:02:13 UTC
rh#1085663

The libdw library provides support for accessing DWARF debugging information inside ELF files.

An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw (such as eu-readelf) to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

This issue affects versions 0.153 and later.

Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0172
Created attachment 585698
A possible patch from Mark Wielaard
bugbot adjusting priority
Fixed already in SLE12 and Factory. Older SLE not affected. Submitted for opensuse-maint as sr 242928
This is an autogenerated message for OBS integration: This bug (872785) was mentioned in https://build.opensuse.org/request/show/242928 13.1+12.3 / elfutils
openSUSE-SU-2014:0974-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 872785
CVE References: CVE-2014-0172
Sources used:
openSUSE 13.1 (src): elfutils-0.155-6.4.1
openSUSE 12.3 (src): elfutils-0.155-2.4.1
This is an autogenerated message for OBS integration: This bug (872785) was mentioned in https://build.opensuse.org/request/show/676940 Factory / elfutils