=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: elfutils security update
Advisory ID:       RHSA-2020:1471-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1471
Issue date:        2020-04-14
CVE Names:         CVE-2018-16402
=====================================================================

1. Summary:

An update for elfutils is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

Security Fix(es):

* elfutils: Double-free due to double decompression of sections in crafted
ELF causes crash (CVE-2018-16402)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1625050 - CVE-2018-16402 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source:
elfutils-0.172-4.el7_6.src.rpm

noarch:
elfutils-default-yama-scope-0.172-4.el7_6.noarch.rpm

x86_64:
elfutils-0.172-4.el7_6.x86_64.rpm
elfutils-debuginfo-0.172-4.el7_6.i686.rpm
elfutils-debuginfo-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-0.172-4.el7_6.i686.rpm
elfutils-libelf-0.172-4.el7_6.x86_64.rpm
elfutils-libs-0.172-4.el7_6.i686.rpm
elfutils-libs-0.172-4.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64:
elfutils-debuginfo-0.172-4.el7_6.i686.rpm
elfutils-debuginfo-0.172-4.el7_6.x86_64.rpm
elfutils-devel-0.172-4.el7_6.i686.rpm
elfutils-devel-0.172-4.el7_6.x86_64.rpm
elfutils-devel-static-0.172-4.el7_6.i686.rpm
elfutils-devel-static-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-devel-0.172-4.el7_6.i686.rpm
elfutils-libelf-devel-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.i686.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
elfutils-0.172-4.el7_6.src.rpm

noarch:
elfutils-default-yama-scope-0.172-4.el7_6.noarch.rpm

ppc64:
elfutils-0.172-4.el7_6.ppc64.rpm
elfutils-debuginfo-0.172-4.el7_6.ppc.rpm
elfutils-debuginfo-0.172-4.el7_6.ppc64.rpm
elfutils-devel-0.172-4.el7_6.ppc.rpm
elfutils-devel-0.172-4.el7_6.ppc64.rpm
elfutils-libelf-0.172-4.el7_6.ppc.rpm
elfutils-libelf-0.172-4.el7_6.ppc64.rpm
elfutils-libelf-devel-0.172-4.el7_6.ppc.rpm
elfutils-libelf-devel-0.172-4.el7_6.ppc64.rpm
elfutils-libs-0.172-4.el7_6.ppc.rpm
elfutils-libs-0.172-4.el7_6.ppc64.rpm

ppc64le:
elfutils-0.172-4.el7_6.ppc64le.rpm
elfutils-debuginfo-0.172-4.el7_6.ppc64le.rpm
elfutils-devel-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-devel-0.172-4.el7_6.ppc64le.rpm
elfutils-libs-0.172-4.el7_6.ppc64le.rpm

s390x:
elfutils-0.172-4.el7_6.s390x.rpm
elfutils-debuginfo-0.172-4.el7_6.s390.rpm
elfutils-debuginfo-0.172-4.el7_6.s390x.rpm
elfutils-devel-0.172-4.el7_6.s390.rpm
elfutils-devel-0.172-4.el7_6.s390x.rpm
elfutils-libelf-0.172-4.el7_6.s390.rpm
elfutils-libelf-0.172-4.el7_6.s390x.rpm
elfutils-libelf-devel-0.172-4.el7_6.s390.rpm
elfutils-libelf-devel-0.172-4.el7_6.s390x.rpm
elfutils-libs-0.172-4.el7_6.s390.rpm
elfutils-libs-0.172-4.el7_6.s390x.rpm

x86_64:
elfutils-0.172-4.el7_6.x86_64.rpm
elfutils-debuginfo-0.172-4.el7_6.i686.rpm
elfutils-debuginfo-0.172-4.el7_6.x86_64.rpm
elfutils-devel-0.172-4.el7_6.i686.rpm
elfutils-devel-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-0.172-4.el7_6.i686.rpm
elfutils-libelf-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-devel-0.172-4.el7_6.i686.rpm
elfutils-libelf-devel-0.172-4.el7_6.x86_64.rpm
elfutils-libs-0.172-4.el7_6.i686.rpm
elfutils-libs-0.172-4.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
elfutils-0.172-4.el7_6.src.rpm

aarch64:
elfutils-0.172-4.el7_6.aarch64.rpm
elfutils-debuginfo-0.172-4.el7_6.aarch64.rpm
elfutils-devel-0.172-4.el7_6.aarch64.rpm
elfutils-libelf-0.172-4.el7_6.aarch64.rpm
elfutils-libelf-devel-0.172-4.el7_6.aarch64.rpm
elfutils-libs-0.172-4.el7_6.aarch64.rpm

noarch:
elfutils-default-yama-scope-0.172-4.el7_6.noarch.rpm

ppc64le:
elfutils-0.172-4.el7_6.ppc64le.rpm
elfutils-debuginfo-0.172-4.el7_6.ppc64le.rpm
elfutils-devel-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-devel-0.172-4.el7_6.ppc64le.rpm
elfutils-libs-0.172-4.el7_6.ppc64le.rpm

s390x:
elfutils-0.172-4.el7_6.s390x.rpm
elfutils-debuginfo-0.172-4.el7_6.s390.rpm
elfutils-debuginfo-0.172-4.el7_6.s390x.rpm
elfutils-devel-0.172-4.el7_6.s390.rpm
elfutils-devel-0.172-4.el7_6.s390x.rpm
elfutils-libelf-0.172-4.el7_6.s390.rpm
elfutils-libelf-0.172-4.el7_6.s390x.rpm
elfutils-libelf-devel-0.172-4.el7_6.s390.rpm
elfutils-libelf-devel-0.172-4.el7_6.s390x.rpm
elfutils-libs-0.172-4.el7_6.s390.rpm
elfutils-libs-0.172-4.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64:
elfutils-debuginfo-0.172-4.el7_6.ppc.rpm
elfutils-debuginfo-0.172-4.el7_6.ppc64.rpm
elfutils-devel-static-0.172-4.el7_6.ppc.rpm
elfutils-devel-static-0.172-4.el7_6.ppc64.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.ppc.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.ppc64.rpm

ppc64le:
elfutils-debuginfo-0.172-4.el7_6.ppc64le.rpm
elfutils-devel-static-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.ppc64le.rpm

s390x:
elfutils-debuginfo-0.172-4.el7_6.s390.rpm
elfutils-debuginfo-0.172-4.el7_6.s390x.rpm
elfutils-devel-static-0.172-4.el7_6.s390.rpm
elfutils-devel-static-0.172-4.el7_6.s390x.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.s390.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.s390x.rpm

x86_64:
elfutils-debuginfo-0.172-4.el7_6.i686.rpm
elfutils-debuginfo-0.172-4.el7_6.x86_64.rpm
elfutils-devel-static-0.172-4.el7_6.i686.rpm
elfutils-devel-static-0.172-4.el7_6.x86_64.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.i686.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
elfutils-debuginfo-0.172-4.el7_6.aarch64.rpm
elfutils-devel-static-0.172-4.el7_6.aarch64.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.aarch64.rpm

ppc64le:
elfutils-debuginfo-0.172-4.el7_6.ppc64le.rpm
elfutils-devel-static-0.172-4.el7_6.ppc64le.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.ppc64le.rpm

s390x:
elfutils-debuginfo-0.172-4.el7_6.s390.rpm
elfutils-debuginfo-0.172-4.el7_6.s390x.rpm
elfutils-devel-static-0.172-4.el7_6.s390.rpm
elfutils-devel-static-0.172-4.el7_6.s390x.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.s390.rpm
elfutils-libelf-devel-static-0.172-4.el7_6.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16402
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.