Ubuntu has issued an advisory on March 24: https://ubuntu.com/security/notices/USN-7369-1
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-25260, CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, CVE-2025-1377
Status comment: (none) => Patches available from Ubuntu
Source RPM: (none) => elfutils-0.192-4.mga10.src.rpm, elfutils-0.189-1.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260)

GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372)

GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. (CVE-2025-1377)

References:
https://ubuntu.com/security/notices/USN-7369-1
========================

Updated packages in core/updates_testing:
========================
elfutils-0.189-1.1.mga9
lib(64)elfutils1-0.189-1.1.mga9
lib(64)elfutils-devel-0.189-1.1.mga9
lib(64)elfutils-static-devel-0.189-1.1.mga9

from SRPM:
elfutils-0.189-1.1.mga9.src.rpm
Source RPM: elfutils-0.192-4.mga10.src.rpm, elfutils-0.189-1.mga9.src.rpm => elfutils-0.189-1.mga9.src.rpm
Status: NEW => ASSIGNED
Status comment: Patches available from Ubuntu => (none)
CVE: CVE-2024-25260, CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, CVE-2025-1377 => CVE-2024-25260, CVE-2025-1372, CVE-2025-1377
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 23160 Comment 16

$ eu-readelf --strings=.gnu.version /bin/mogrify
String section [8] '.gnu.version' contains 64 bytes at offset 0x972:
  [ 0]
  [ 1]
etc....

$ file /bin/ruby
/bin/ruby: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1d5023d0084a9e690ae132caec6a39182e7d8de0, for GNU/Linux 3.2.0, stripped

$ eu-readelf -h /bin/ruby
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Ident Version:                     1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           AMD x86-64
  Version:                           1 (current)
  Entry point address:               0x401120
  Start of program headers:          64 (bytes into file)
  Start of section headers:          13512 (bytes into file)
  Flags:
  Size of this header:               64 (bytes)
  Size of program header entries:    56 (bytes)
  Number of program headers entries: 13
  Size of section header entries:    64 (bytes)
  Number of section headers entries: 29
  Section header string table index: 28

$ eu-readelf -I /bin/ruby
Histogram for bucket list length in section [ 5] '.gnu.hash' (total of 10 buckets):
 Addr: 0x00000000004003c0  Offset: 0x0003c0  Link to section: [ 6] '.dynsym'
 Symbol Bias: 10
 Bitmask Size: 8 bytes  22% bits set  2nd hash shift: 6
 Length  Number  % of total  Coverage
      0       3       30.0%
      1       7       70.0%    100.0%
 Average number of tests:   successful lookup: 1.000000
                          unsuccessful lookup: 0.700000

$ cd tmp
$ eu-strip -o strip.out -f extracted /bin/ruby
Two files created which make little sense to me, but they seem like binaries.

$ eu-objdump -d /bin/ruby
/bin/ruby: elf64-elf_x86_64

Disassembly of section .init:

  401000: 48 83 ec 08           sub $0x8,%rsp
  401004: 48 8b 05 cd 2f 00 00  mov 0x2fcd(%rip),%rax # 0x403fd8
  40100b: 48 85 c0              test %rax,%rax
etc....

$ eu-size /bin/ruby
   text    data     bss     dec     hex filename
   1972     656       8    2636     a4c /bin/ruby

$ eu-strings /bin/filezilla | grep DATA | sort -u
FZ_DATADIR
ID_MENU_EDIT_CLEARPRIVATEDATA
You can specify the data directory of FileZilla by setting the FZ_DATADIR environment variable.

This looks all reasonable as far as I understand it.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0119.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED