Upstream information

CVE-2014-0172 at MITRE

Description

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 6.8
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entry: 872785 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • elfutils >= 0.158-3.200
  • libasm1 >= 0.158-3.200
  • libdw1 >= 0.158-3.200
  • libdw1-32bit >= 0.158-3.200
  • libebl1 >= 0.158-3.200
  • libebl1-32bit >= 0.158-3.200
  • libelf1 >= 0.158-3.200
  • libelf1-32bit >= 0.158-3.200
Patchnames:
SUSE Linux Enterprise Desktop 12 GA elfutils
SUSE Linux Enterprise Desktop 12 SP1
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA elfutils
SUSE Linux Enterprise Desktop 12 SP2
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA elfutils
SUSE Linux Enterprise Desktop 12 SP3
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA elfutils
SUSE Linux Enterprise Module for Basesystem 15
  • elfutils >= 0.168-2.164
  • elfutils-lang >= 0.168-2.164
  • libasm-devel >= 0.168-2.164
  • libasm1 >= 0.168-2.164
  • libdw-devel >= 0.168-2.164
  • libdw1 >= 0.168-2.164
  • libdw1-32bit >= 0.168-2.164
  • libebl-devel >= 0.168-2.164
  • libebl-plugins >= 0.168-2.164
  • libebl-plugins-32bit >= 0.168-2.164
  • libelf-devel >= 0.168-2.164
  • libelf1 >= 0.168-2.164
  • libelf1-32bit >= 0.168-2.164
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA elfutils
SUSE Linux Enterprise Server 12
  • elfutils >= 0.158-3.82
  • libasm1 >= 0.158-3.82
  • libasm1-32bit >= 0.158-3.200
  • libdw1 >= 0.158-3.82
  • libdw1-32bit >= 0.158-3.200
  • libebl1 >= 0.158-3.82
  • libebl1-32bit >= 0.158-3.200
  • libelf1 >= 0.158-3.82
  • libelf1-32bit >= 0.158-3.200
Patchnames:
SUSE Linux Enterprise Server 12 GA elfutils
SUSE Linux Enterprise Server 12 SP1
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libasm1-32bit >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA elfutils
SUSE Linux Enterprise Server 12 SP2
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libasm1-32bit >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA elfutils
SUSE Linux Enterprise Server 12 SP3
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libasm1-32bit >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libdw1-32bit >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libebl1-32bit >= 0.158-6.1
  • libelf1 >= 0.158-6.1
  • libelf1-32bit >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA elfutils
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • elfutils >= 0.158-6.1
  • libasm1 >= 0.158-6.1
  • libdw1 >= 0.158-6.1
  • libebl1 >= 0.158-6.1
  • libelf1 >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA elfutils
SUSE Linux Enterprise Software Development Kit 12
  • libasm-devel >= 0.158-3.200
  • libdw-devel >= 0.158-3.200
  • libebl-devel >= 0.158-3.200
  • libelf-devel >= 0.158-3.200
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libasm-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libasm-devel >= 0.158-6.1
  • libdw-devel >= 0.158-6.1
  • libebl-devel >= 0.158-6.1
  • libelf-devel >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libasm-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libasm-devel >= 0.158-6.1
  • libdw-devel >= 0.158-6.1
  • libebl-devel >= 0.158-6.1
  • libelf-devel >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libasm-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libasm-devel >= 0.158-6.1
  • libdw-devel >= 0.158-6.1
  • libebl-devel >= 0.158-6.1
  • libelf-devel >= 0.158-6.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libasm-devel
openSUSE 13.1
  • elfutils >= 0.155-6.4.1
  • elfutils-debuginfo >= 0.155-6.4.1
  • elfutils-debugsource >= 0.155-6.4.1
  • libasm-devel >= 0.155-6.4.1
  • libasm1 >= 0.155-6.4.1
  • libasm1-32bit >= 0.155-6.4.1
  • libasm1-debuginfo >= 0.155-6.4.1
  • libasm1-debuginfo-32bit >= 0.155-6.4.1
  • libdw-devel >= 0.155-6.4.1
  • libdw1 >= 0.155-6.4.1
  • libdw1-32bit >= 0.155-6.4.1
  • libdw1-debuginfo >= 0.155-6.4.1
  • libdw1-debuginfo-32bit >= 0.155-6.4.1
  • libebl-devel >= 0.155-6.4.1
  • libebl1 >= 0.155-6.4.1
  • libebl1-32bit >= 0.155-6.4.1
  • libebl1-debuginfo >= 0.155-6.4.1
  • libebl1-debuginfo-32bit >= 0.155-6.4.1
  • libelf-devel >= 0.155-6.4.1
  • libelf-devel-32bit >= 0.155-6.4.1
  • libelf1 >= 0.155-6.4.1
  • libelf1-32bit >= 0.155-6.4.1
  • libelf1-debuginfo >= 0.155-6.4.1
  • libelf1-debuginfo-32bit >= 0.155-6.4.1
Patchnames:
openSUSE-2014-491
openSUSE Leap 15.0
  • elfutils >= 0.168-lp150.2.48
  • elfutils-lang >= 0.168-lp150.2.48
  • libasm1 >= 0.168-lp150.2.48
  • libdw1 >= 0.168-lp150.2.48
  • libdw1-32bit >= 0.168-lp150.2.48
  • libebl-plugins >= 0.168-lp150.2.48
  • libebl-plugins-32bit >= 0.168-lp150.2.48
  • libelf1 >= 0.168-lp150.2.48
  • libelf1-32bit >= 0.168-lp150.2.48
Patchnames:
openSUSE Leap 15.0 GA elfutils
openSUSE Leap 42.1
  • elfutils >= 0.158-9.5
  • libasm1 >= 0.158-9.5
  • libdw1 >= 0.158-9.5
  • libelf1 >= 0.158-9.5
  • libelf1-32bit >= 0.158-9.5
Patchnames:
openSUSE Leap 42.1 GA elfutils
openSUSE Leap 42.2
  • elfutils >= 0.158-10.50
  • libasm1 >= 0.158-10.50
  • libdw1 >= 0.158-10.50
  • libelf1 >= 0.158-10.50
  • libelf1-32bit >= 0.158-10.50
Patchnames:
openSUSE Leap 42.2 GA elfutils
openSUSE Leap 42.3
  • elfutils >= 0.158-12.15
  • libasm1 >= 0.158-12.15
  • libdw1 >= 0.158-12.15
  • libelf1 >= 0.158-12.15
  • libelf1-32bit >= 0.158-12.15
Patchnames:
openSUSE Leap 42.3 GA elfutils
openSUSE Tumbleweed
  • elfutils >= 0.167-1.5
  • elfutils-lang >= 0.167-1.5
  • libasm-devel >= 0.167-1.5
  • libasm1 >= 0.167-1.5
  • libasm1-32bit >= 0.167-1.5
  • libdw-devel >= 0.167-1.5
  • libdw1 >= 0.167-1.5
  • libdw1-32bit >= 0.167-1.5
  • libebl-devel >= 0.167-1.5
  • libebl1 >= 0.167-1.5
  • libebl1-32bit >= 0.167-1.5
  • libelf-devel >= 0.167-1.5
  • libelf-devel-32bit >= 0.167-1.5
  • libelf1 >= 0.167-1.5
  • libelf1-32bit >= 0.167-1.5
Patchnames:
openSUSE Tumbleweed GA elfutils