Debian 10264 Published by

A elfutils security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address an issue that result in denial-of-services.



ELA-962-1 elfutils security update

Package : elfutils
Version : 0.159-4.2+deb8u2 (jessie), 0.168-1+deb9u2 (stretch)

Related CVEs :
CVE-2020-21047

An issue has been found in elfutils, a collection of utilities to handle ELF objects.
Due to missing bound checks and reachable asserts, an attacker can use crafted elf files
to trigger application crashes that result in denial-of-services.
As part of this update, CVE-2019-7149 has been fixed as well in Stretch.
Due to a heap-buffer-overflow problem in function read_srclines() a crafted ELF input can cause segmentation faults.

ELA-962-1 elfutils security update