RHEA-2015:2126

Affecting elfutils-libelf package, versions <0:0.163-3.el7

Report new vulnerabilities
low severity
Do your applications use this vulnerable package? Test your applications

Overview

The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages have been upgraded to upstream version 0.163, which provides a number of bug fixes and enhancements over the previous version. Notably: * Previously, elfutils libraries and tools could crash on malformed ELF files or incorrect DWARF data. All known ways to crash the libraries and tools on such incorrect input data have been fixed. * The following changes and improvements have been made to the eu-addr2line tool: - Input addresses are now always interpreted as hexadecimal numbers, never as octal or decimal numbers. - A new option, "-a", "--addresses", to print address before each entry. - A new option, "-C", "--demangle", to show demangled symbols. - A new option, "--pretty-print", to print all information on one line. As a result, it is possible to use eu-addr2line as a drop-in replacement for binutils addr2line. * This update introduces the following improvements to the libdw library: - A new header file elfutils/known-dwarf.h. - The preliminary DWARF5 constants "DW_AT_noreturn", "DW_LANG_C11", "DW_LANG_C_plus_plus_11", "DW_LANG_C_plus_plus_14", "DW_TAG_atomic_type", "DW_LANG_Fortran03", and "DW_LANG_Fortran08", plus the GNU extension "DW_AT_GNU_deleted" have been added to the elfutils/dwarf.h file. - A new function, dwarf_peel_type(), for handling qualified types. - The dwarf_getmacros function now serves both the .debug_macro and .debug_macinfo section data transparently. - New interfaces, "dwarf_getmacros_off", "dwarf_macro_getsrcfiles", "dwarf_macro_getparamcnt", and "dwarf_macro_param", are available for more generalized inspection of macros and their parameters. (BZ#1224169, BZ#1223462) Users of elfutils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

References

CVE
RHEA-2015:2126
Snyk ID
SNYK-CENTOS7-ELFUTILSLIBELF-553152
Published
25 Feb, 2020