[SECURITY] [DLA 3579-1] elfutils security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3579-1] elfutils security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 23 Sep 2023 16:56:12 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2309231652310.24177@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3579-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 23, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : elfutils
Version        : 0.176-1.1+deb10u1
CVE ID         : CVE-2020-21047

An issue has been found in elfutils, a collection of utilities to handleELF objects.Due to missing bound checks and reachable asserts, an attacker canuse crafted elf files to trigger application crashes that result indenial-of-services.


For Debian 10 buster, this problem has been fixed in version
0.176-1.1+deb10u1.

We recommend that you upgrade your elfutils packages.

For the detailed security status of elfutils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/elfutils

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUPGK1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdKoA/9H8PG4zV62/qQUBNZpEiVNC2ZU60S2R2guXvJ+1X2PpHD6rDLnfTcx4kh
NO2UC4S4CeYXMfkfgYAR6Kf/3s3hVyhqOa4wPBggbU7CBwtam6Q9gBs9CaAETSbb
bGf6B30YfozkeoAhOCU6q/2/KcbO3SSk/QPi3lXTOHILecKYkrpIuUWA2stA+mPQ
zkFRW+CkLzTUhEEP37T1WSdFL//lbI/BgEBsgKvEnb9G+LeAKlqoivS3i2cMgCCs
zojwZt2wlvrLyNKgelJ+zw/4rUz4t74YpxET2cW3KHSCeSDhHg68TkaqAbHIuW7s
VDhlp4Iiu86qs9xnfyXfsxQVrOzIGwHYE5K+AKIhSDSOA9NNxhODtbYQfVnodSD1
KX87csHpwSFgE9uT+5U5UaKwp8N7nXrIeu6tUJqrOZPmsbIMlc+W4H+Q0YvMQDLD
a4VMmynUbXOL15GmVAuTyoTa0cv5myHPjsdt9FD5t5foEl2+1ZG+4Kmf6vf3kDKn
ype8veNgDKToiF+OuO9Zrez5vWiX4DWa6PP2yg0QPIXrcltuxYUa+r0F89loyn5Y
Ryl1hFrp6DrhHHgtrcISkXJn520kgSZNv4OZDND0JgsRVr1FxC1QkPun20RdDj2l
/nWyzWwsJMbcF+nvCfb3OJ9ghj12eadIaYEFfpjAn7brbAbPHxo=
=YXt/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3578-1] lldpd security update
Next by Date: [SECURITY] [DLA 3580-1] libapache-mod-jk security update
Previous by thread: [SECURITY] [DLA 3578-1] lldpd security update
Next by thread: [SECURITY] [DLA 3580-1] libapache-mod-jk security update
Index(es):
- Date
- Thread