Security update for dwarves and elfutils

Announcement ID: SUSE-SU-2022:2614-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-7607 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7607 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7608 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7608 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7609 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7609 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7610 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7610 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7611 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7611 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7612 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7612 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7613 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-7613 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-16062 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2018-16062 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-16402 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-16402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-16402 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-16403 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-16403 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-18310 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-18310 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-18520 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-18520 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-18521 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-18521 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7146 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-7146 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7148 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7149 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7150 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-7150 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7664 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-7664 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7664 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2019-7665 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-7665 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  • Basesystem Module 15-SP3
  • openSUSE Leap 15.3
  • SUSE Linux Enterprise Desktop 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.2
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2

An update that solves 19 vulnerabilities and contains one feature can now be installed.

Description:

This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):

  • elfclassify: New tool to analyze ELF objects.
  • readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes.
  • libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
  • libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
  • backends: Add support for C-SKY.

Update to version 0.176:

  • build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h).
  • backends: riscv improved core file and return value location support.
  • Fixes:
  • CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  • CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

  • readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes.
  • strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections.
  • libdwelf: New function dwelf_elf_begin.
  • libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND.
  • CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  • CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
  • CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)

Update to version 0.174:

  • libelf, libdw and all tools now handle extended shnum and shstrndx correctly.

  • elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite.

  • strip: Handle mixed (out of order) allocated/non-allocated sections.
  • unstrip: Handle SHT_GROUP sections.
  • backends: RISCV and M68K now have backend implementations to generate CFI based backtraces.
  • Fixes:
  • CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  • CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  • CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

  • More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles.
  • readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded).
  • libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented.
  • backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names.

Update to version 0.172:

  • Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

  • DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation, dwarf_getsrclines, dwarf_ranges, dwarf_form, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die).
  • Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled.
  • readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc.
  • libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays.
  • libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend.

There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

  • libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections.
  • strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
  • backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

  • backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64.
  • translations: Update Polish translation.
  • CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
  • CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
  • CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
  • CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
  • CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
  • CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
  • CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
  • Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3
    zypper in -t patch SUSE-2022-2614=1
  • Basesystem Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2614=1
  • SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2614=1
  • SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1
  • SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1

Package List:

  • openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    • libdw1-debuginfo-0.177-150300.11.3.1
    • libebl-devel-0.177-150300.11.3.1
    • libebl-plugins-0.177-150300.11.3.1
    • libdwarves1-debuginfo-1.22-150300.7.3.1
    • libasm-devel-0.177-150300.11.3.1
    • libelf1-0.177-150300.11.3.1
    • libdw-devel-0.177-150300.11.3.1
    • elfutils-debuginfo-0.177-150300.11.3.1
    • dwarves-debugsource-1.22-150300.7.3.1
    • libdwarves-devel-1.22-150300.7.3.1
    • elfutils-0.177-150300.11.3.1
    • libdwarves1-1.22-150300.7.3.1
    • elfutils-debugsource-0.177-150300.11.3.1
    • libelf-devel-0.177-150300.11.3.1
    • libasm1-debuginfo-0.177-150300.11.3.1
    • libasm1-0.177-150300.11.3.1
    • dwarves-1.22-150300.7.3.1
    • libebl-plugins-debuginfo-0.177-150300.11.3.1
    • libdw1-0.177-150300.11.3.1
    • dwarves-debuginfo-1.22-150300.7.3.1
    • libelf1-debuginfo-0.177-150300.11.3.1
  • openSUSE Leap 15.3 (x86_64)
    • libelf-devel-32bit-0.177-150300.11.3.1
    • libelf1-32bit-debuginfo-0.177-150300.11.3.1
    • libdw1-32bit-0.177-150300.11.3.1
    • libdwarves1-32bit-debuginfo-1.22-150300.7.3.1
    • libelf1-32bit-0.177-150300.11.3.1
    • libasm1-32bit-debuginfo-0.177-150300.11.3.1
    • libdwarves-devel-32bit-1.22-150300.7.3.1
    • libdwarves1-32bit-1.22-150300.7.3.1
    • libebl-plugins-32bit-0.177-150300.11.3.1
    • libdw1-32bit-debuginfo-0.177-150300.11.3.1
    • libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1
    • libasm1-32bit-0.177-150300.11.3.1
  • openSUSE Leap 15.3 (noarch)
    • elfutils-lang-0.177-150300.11.3.1
  • openSUSE Leap 15.3 (aarch64_ilp32)
    • libdw1-64bit-debuginfo-0.177-150300.11.3.1
    • libelf1-64bit-0.177-150300.11.3.1
    • libelf-devel-64bit-0.177-150300.11.3.1
    • libasm1-64bit-debuginfo-0.177-150300.11.3.1
    • libdwarves1-64bit-debuginfo-1.22-150300.7.3.1
    • libebl-plugins-64bit-0.177-150300.11.3.1
    • libebl-plugins-64bit-debuginfo-0.177-150300.11.3.1
    • libdw1-64bit-0.177-150300.11.3.1
    • libdwarves1-64bit-1.22-150300.7.3.1
    • libelf1-64bit-debuginfo-0.177-150300.11.3.1
    • libdwarves-devel-64bit-1.22-150300.7.3.1
    • libasm1-64bit-0.177-150300.11.3.1
  • Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
    • libdw1-debuginfo-0.177-150300.11.3.1
    • libebl-devel-0.177-150300.11.3.1
    • libebl-plugins-0.177-150300.11.3.1
    • libdwarves1-debuginfo-1.22-150300.7.3.1
    • libasm-devel-0.177-150300.11.3.1
    • libelf1-0.177-150300.11.3.1
    • libdw-devel-0.177-150300.11.3.1
    • elfutils-debuginfo-0.177-150300.11.3.1
    • dwarves-debugsource-1.22-150300.7.3.1
    • libdwarves-devel-1.22-150300.7.3.1
    • elfutils-0.177-150300.11.3.1
    • libdwarves1-1.22-150300.7.3.1
    • elfutils-debugsource-0.177-150300.11.3.1
    • libelf-devel-0.177-150300.11.3.1
    • libasm1-debuginfo-0.177-150300.11.3.1
    • libasm1-0.177-150300.11.3.1
    • dwarves-1.22-150300.7.3.1
    • libebl-plugins-debuginfo-0.177-150300.11.3.1
    • libdw1-0.177-150300.11.3.1
    • dwarves-debuginfo-1.22-150300.7.3.1
    • libelf1-debuginfo-0.177-150300.11.3.1
  • Basesystem Module 15-SP3 (noarch)
    • elfutils-lang-0.177-150300.11.3.1
  • Basesystem Module 15-SP3 (x86_64)
    • libelf1-32bit-debuginfo-0.177-150300.11.3.1
    • libdw1-32bit-0.177-150300.11.3.1
    • libdwarves1-32bit-debuginfo-1.22-150300.7.3.1
    • libelf1-32bit-0.177-150300.11.3.1
    • libdwarves-devel-32bit-1.22-150300.7.3.1
    • libdwarves1-32bit-1.22-150300.7.3.1
    • libebl-plugins-32bit-0.177-150300.11.3.1
    • libdw1-32bit-debuginfo-0.177-150300.11.3.1
    • libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1
  • SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    • libelf1-0.177-150300.11.3.1
    • libdw1-debuginfo-0.177-150300.11.3.1
    • elfutils-0.177-150300.11.3.1
    • libdwarves1-1.22-150300.7.3.1
    • libebl-plugins-0.177-150300.11.3.1
    • libdwarves1-debuginfo-1.22-150300.7.3.1
    • elfutils-debugsource-0.177-150300.11.3.1
    • libdw1-0.177-150300.11.3.1
    • dwarves-debugsource-1.22-150300.7.3.1
    • libasm1-debuginfo-0.177-150300.11.3.1
    • libelf1-debuginfo-0.177-150300.11.3.1
    • libebl-plugins-debuginfo-0.177-150300.11.3.1
    • elfutils-debuginfo-0.177-150300.11.3.1
    • dwarves-debuginfo-1.22-150300.7.3.1
    • libdwarves-devel-1.22-150300.7.3.1
    • dwarves-1.22-150300.7.3.1
    • libasm1-0.177-150300.11.3.1
  • SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    • libelf1-0.177-150300.11.3.1
    • libdw1-debuginfo-0.177-150300.11.3.1
    • elfutils-0.177-150300.11.3.1
    • libdwarves1-1.22-150300.7.3.1
    • libebl-plugins-0.177-150300.11.3.1
    • libdwarves1-debuginfo-1.22-150300.7.3.1
    • elfutils-debugsource-0.177-150300.11.3.1
    • libdw1-0.177-150300.11.3.1
    • dwarves-debugsource-1.22-150300.7.3.1
    • libasm1-debuginfo-0.177-150300.11.3.1
    • libelf1-debuginfo-0.177-150300.11.3.1
    • libebl-plugins-debuginfo-0.177-150300.11.3.1
    • elfutils-debuginfo-0.177-150300.11.3.1
    • dwarves-debuginfo-1.22-150300.7.3.1
    • libdwarves-devel-1.22-150300.7.3.1
    • dwarves-1.22-150300.7.3.1
    • libasm1-0.177-150300.11.3.1
  • SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    • libelf1-0.177-150300.11.3.1
    • libdw1-debuginfo-0.177-150300.11.3.1
    • elfutils-0.177-150300.11.3.1
    • libdwarves1-1.22-150300.7.3.1
    • libebl-plugins-0.177-150300.11.3.1
    • libdwarves1-debuginfo-1.22-150300.7.3.1
    • elfutils-debugsource-0.177-150300.11.3.1
    • libdw1-0.177-150300.11.3.1
    • dwarves-debugsource-1.22-150300.7.3.1
    • libasm1-debuginfo-0.177-150300.11.3.1
    • libelf1-debuginfo-0.177-150300.11.3.1
    • libebl-plugins-debuginfo-0.177-150300.11.3.1
    • elfutils-debuginfo-0.177-150300.11.3.1
    • dwarves-debuginfo-1.22-150300.7.3.1
    • libdwarves-devel-1.22-150300.7.3.1
    • dwarves-1.22-150300.7.3.1
    • libasm1-0.177-150300.11.3.1

References: