elfutils: Multiple vulnerabilities — GLSA 201710-10

Multiple vulnerabilities have been found in elfutils, the worst of which may allow remote attackers to cause a Denial of Service condition.

Affected packages

dev-libs/elfutils on all architectures
Affected versions < 0.169-r1
Unaffected versions >= 0.169-r1

Background

Elfutils provides a library and utilities to access, modify and analyse ELF objects.

Description

Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could possibly cause a Denial of Service condition via specially crafted ELF files.

Workaround

There is no known workaround at this time.

Resolution

All elfutils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.169-r1"
 

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References

Release date
October 13, 2017

Latest revision
October 13, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries