Ubuntu 6580 Published by

Updated elfutils packages has been released for both Ubuntu 14.04 LTS and 16.04 LTS. This addresses an issue where elfutils could be made to crash or consume resources if it opened a specially crafted file.



==========================================================================
Ubuntu Security Notice USN-3670-1
June 05, 2018

elfutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

elfutils could be made to crash or consume resources if it opened a
specially crafted file.

Software Description:
- elfutils: collection of utilities to handle ELF objects

Details:

Agostino Sarubbo discovered that elfutils incorrectly handled certain
malformed ELF files. If a user or automated system were tricked into
processing a specially crafted ELF file, elfutils could be made to crash or
consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
elfutils 0.165-3ubuntu1.1
libasm1 0.165-3ubuntu1.1
libdw1 0.165-3ubuntu1.1
libelf1 0.165-3ubuntu1.1

Ubuntu 14.04 LTS:
elfutils 0.158-0ubuntu5.3
libasm1 0.158-0ubuntu5.3
libdw1 0.158-0ubuntu5.3
libelf1 0.158-0ubuntu5.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3670-1
CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612,
CVE-2017-7613

Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.165-3ubuntu1.1
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.3
  Elfutils Security Update for Ubuntu