Ubuntu has issued an advisory on June 5:
https://usn.ubuntu.com/3670-1/

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Patches available from Ubuntu
Assigning to the registered maintainer.
Assignee: bugsquad => shlomif
CC: (none) => marja11
Fedora has issued an advisory today (June 8):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EP43TAFBHQYHEVFEGFYOXUFAUCL3CQVB/

It fixes one additional issue.
Summary: elfutils new security issues CVE-2017-760[7-9] and CVE-2017-761[0-3] => elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], and CVE-2018-8769
elfutils-0.171-1.mga7 uploaded for Cauldron by Shlomi.
Version: Cauldron => 6
Whiteboard: MGA6TOO => MGA5TOO
elfutils-0.172-1.mga7 uploaded for Cauldron by Shlomi. Not sure if it has more security fixes.
Fedora has issued an advisory on September 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZR46Q3JKQSYY2NLPY6O2VEAJ4LFJXG2T/

It fixes three new issues (fixed in 0.174).
Summary: elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], and CVE-2018-8769 => elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23]
CC: (none) => tmb
Whiteboard: MGA5TOO => (none)
Fedora has issued an advisory on November 18:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WVO7IN2HHZYO3TYRFQTWRN2IXLMQF7GP/

It fixes three new issues.
Whiteboard: (none) => MGA6TOO
Summary: elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23] => elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23], CVE-2018-18310, CVE-2018-1852[01]
Version: 6 => Cauldron
Newest issues fixed upstream in 0.175, uploaded for Cauldron by Shlomi.
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Fedora has issued an advisory today (February 18):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN/

It fixes 6 new issues (fixed upstream in 0.176).
Whiteboard: (none) => MGA6TOO
Summary: elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23], CVE-2018-18310, CVE-2018-1852[01] => elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23], CVE-2018-18310, CVE-2018-1852[01], CVE-2019-714[689], CVE-2019-7150, CVE-2019-766[45]
Version: 6 => Cauldron
elfutils-0.176-1.mga7 uploaded for Cauldron by Shlomi.
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Ubuntu has issued an advisory for this on June 10:
https://usn.ubuntu.com/4012-1/
Updated package uploaded by Shlomi.

Advisory to come later.

Updated packages in core/updates_testing:
========================
elfutils-0.176-1.mga6
libelfutils-devel-0.176-1.mga6
libelfutils-static-devel-0.176-1.mga6
libelfutils1-0.176-1.mga6

from elfutils-0.176-1.mga6.src.rpm
Assignee: shlomif => qa-bugs
CC: (none) => shlomif
RedHat has issued an advisory for this on August 6:
https://access.redhat.com/errata/RHSA-2019:2197
According to RedHat bugs:
CVE-2018-8769 not in upstream 0.170, introduced via Fedora patch we don't have.
CVE-2019-7146 issue introduced in 0.175.
CVE-2019-7148 caused by ASAN, not a real issue.

Advisory:
========================

Updated elfutils packages fix security vulnerabilities:

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665).

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash) (CVE-2019-7664).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665
https://usn.ubuntu.com/3670-1/
https://usn.ubuntu.com/4012-1/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN/
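The CVE-2019-7664 entry in the advisory above describes a length check in elfutils' ELF note conversion that a crafted header could get past, so that the copy which followed used a wrapped ("negative") size. As an added illustration of that bug class, not elfutils' own code and not a reproduction of the actual defect, the block below puts a note-header bounds check written the wrong way (sum first, compare after) beside one that can never wrap, and runs both over constructed headers; the 12-byte header layout is the one Elf32_Nhdr and Elf64_Nhdr share, while the struct, function and variable names are invented for the example.

```c
/* Added illustration, not elfutils' code: two ways to bounds-check an ELF note
 * header (namesz, descsz, type; name and desc each padded to 4 bytes). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ALIGN4(x) (((x) + 3u) & ~3u)
struct nhdr { uint32_t namesz, descsz, type; };

/* Flawed: add everything up, then compare.  The 32-bit sum can wrap small, so
 * oversized fields pass and the caller's memcpy of the name overruns the buffer. */
int note_check_flawed(const unsigned char *buf, size_t len, size_t *copy_len)
{
    struct nhdr n;
    if (len < sizeof n) return 0;
    memcpy(&n, buf, sizeof n);
    uint32_t total = (uint32_t)sizeof n + ALIGN4(n.namesz) + ALIGN4(n.descsz);
    if (total > len) return 0;                 /* a wrapped total slips through */
    *copy_len = n.namesz;                      /* first memcpy the caller would do */
    return 1;
}

static int take(size_t *left, size_t want)     /* consume only what is there */
{ if (want > *left) return 0; *left -= want; return 1; }
/* Correct: test each field against what is still left *before* consuming it, so
 * no sum that could wrap is ever formed.  Strict: trailing pad must be present. */
int note_check_safe(const unsigned char *buf, size_t len, size_t *note_len)
{
    struct nhdr n;
    if (len < sizeof n) return 0;
    memcpy(&n, buf, sizeof n);
    size_t left = len - sizeof n;              /* cannot underflow */
    if (!take(&left, n.namesz) || !take(&left, (4 - (n.namesz & 3)) & 3) ||
        !take(&left, n.descsz) || !take(&left, (4 - (n.descsz & 3)) & 3)) return 0;
    *note_len = len - left;                    /* bytes this note occupies */
    return 1;
}

/* Demo on constructed headers: a well-formed 32-byte note, then one whose namesz
 * wraps the flawed sum (12 + 0xFFFFFFF8 + 0x10 == 20 mod 2^32).  Returns 1 when
 * the flawed check accepts the crafted note and the safe check rejects it. */
int run_demo(void)
{
    unsigned char buf[32] = {0};
    struct nhdr good = { 4, 16, 1 }, bad = { 0xFFFFFFF8u, 0x10u, 1 };
    size_t n = 0, c = 0;
    memcpy(buf, &good, sizeof good);
    int good_ok = note_check_safe(buf, sizeof buf, &n) && n == 32;
    memcpy(buf, &bad, sizeof bad);
    return good_ok && note_check_flawed(buf, sizeof buf, &c) && c > sizeof buf
           && !note_check_safe(buf, sizeof buf, &n);
}
```

The crafted header is accepted by the flawed check with a copy length of 0xFFFFFFF8 bytes against a 32-byte buffer, while the subtract-as-you-go check rejects it at the first field.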
Created attachment 11251
A selection of POC before the update

A few of the CVEs have been skipped. Post objections to qa-bugs.
CC: (none) => tarazed25
Created attachment 11252
POC tests after the updates
mga6, x86_64

Checked several of the CVEs before and after the updates. Apart from CVE-2018-16062, all the POC tests seem to indicate that the specific issues had already been fixed or successfully treated by the latest fixes.

Tried a few functionality tests.

$ eu-readelf --strings=.gnu.version /bin/mogrify
String section [7] '.gnu.version' contains 38 bytes at offset 0x62a:
  [ 0] [...]

$ file calculate
calculate: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 2.6.32, BuildID[sha1]=327bbcffd3cec9bfcfda632fe8fa3d1cef39b21e, not stripped

$ eu-readelf -l calculate
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  PHDR           0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8
  INTERP         0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R   0x1
[...]

$ eu-readelf -h /bin/ruby
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Ident Version:                     1 (current)
  OS/ABI:                            UNIX - System V
[...]

$ eu-readelf -I /bin/ruby
Histogram for bucket list length in section [ 4] '.gnu.hash' (total of 19 buckets):
 Addr: 0x0000000000400298  Offset: 0x000298  Link to section: [ 5] '.dynsym'
 Symbol Bias: 12
 Bitmask Size: 8 bytes  32% bits set  2nd hash shift: 6
 Length  Number  % of total  Coverage
      0       9       47.4%
      1       9       47.4%     81.8%
      2       1        5.3%    100.0%
 Average number of tests:   successful lookup: 1.090909

$ eu-strip -o strip.out -f extracted calculate

Both output files are stripped ELF files.

$ ll calculate strip.out extracted
-rwxr-xr-x 1 lcl lcl 17336 Aug 13 19:12 calculate*
-rwxr-xr-x 1 lcl lcl  9560 Aug 13 19:24 extracted*
-rwxr-xr-x 1 lcl lcl 10552 Aug 13 19:24 strip.out*

calculate is an interactive fortran program but I do not know how to run it exactly. It does not work like bc.

$ eu-objdump -d calculate
calculate: elf64-elf_x86_64

Disassembly of section .init:
  400860:  48 83 ec 08              sub $0x8,%rsp
  400864:  48 8b 05 8d 17 20 00     mov 0x20178d(%rip),%rax # 0x601ff8
  40086b:  48 85 c0                 test %rax,%rax
  40086e:  74 05                    je 0x400875
  400870:  e8 3b 00 00 00           callq 0x4008b0
  400875:  48 83 c4 08              add $0x8,%rsp
  400879:  c3                       retq

Disassembly of section .plt:
  400880:  ff 35 82 17 20 00        pushq 0x201782(%rip) # 0x602008
  400886:  ff 25 84 17 20 00        jmpq *0x201784(%rip) # 0x602010
  40088c:  0f 1f 40 00              nopl 0x0(%rax)
[...]

$ eu-objdump -s calculate > dump
lcl@canopus:elf $ head dump
calculate: elf64-elf_x86_64
Contents of section .interp:
 0000 2f6c6962 36342f6c 642d6c69 6e75782d /lib64/ld-linux-
 0010 7838362d 36342e73 6f2e3200          x86-64.so.2.
Contents of section .init:
 0000 4883ec08 488b058d 17200048 85c07405 H...H.... .H..t.
 0010 e83b0000 004883c4 08c3               .;...H....

$ eu-nm --extern-only calculate
[...]
Name                                Value    Class  Type   Size Line Section
_ITM_deregisterTMCloneTable         |        |WEAK  |NOTYPE|    |    |UNDEF
_ITM_registerTMCloneTable           |        |WEAK  |NOTYPE|    |    |UNDEF
[...]
_gfortran_set_args@@GFORTRAN_1.0    |        |GLOBAL|FUNC  |    |    |UNDEF
_gfortran_set_options@@GFORTRAN_1.0 |        |GLOBAL|FUNC  |    |    |UNDEF
[...]

$ eu-elfcmp strip.out calculate
eu-elfcmp: strip.out calculate diff: section count

$ eu-elfcmp calculate extracted
eu-elfcmp: calculate extracted differ: section [1] '.interp' header

$ eu-size /bin/ruby
   text    data     bss     dec     hex filename
   2313     616       8    2937     b79 /bin/ruby

$ eu-size /bin/stellarium
    text     data      bss      dec      hex filename
13717547   144285   277168 14139000   d7be78 /bin/stellarium

$ eu-strings /bin/stellarium | grep DATA | sort -u
QTMETADATA qbjs
QZip: Z_DATA_ERROR: Input data is corrupted

No failures or regressions detected.

Giving this a 64bit OK.
Whiteboard: (none) => MGA6-64-OK
Validating. Advisory in Comment 13.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0222.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED