UbuntuUpdates.org

Package "elfutils"

Name: elfutils

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • debuginfo-related http file-server daemon
Latest version: 0.190-1.1ubuntu0.1
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "elfutils" in Noble

Repository Area Version
base universe 0.190-1.1build4
base main 0.190-1.1build4
security main 0.190-1.1ubuntu0.1
updates main 0.190-1.1ubuntu0.1
updates universe 0.190-1.1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.190-1.1ubuntu0.1 2025-03-25 00:07:00 UTC

  elfutils (0.190-1.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-25260.patch: Fix arm_machine_flag_name
      version string.
    - CVE-2024-25260
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2025-1365.patch: Use validate_str also to check
      dynamic symstr data.
    - CVE-2025-1365
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1371.patch: Handle NULL phdr in
      handle_dynamic_symtab.
    - CVE-2025-1371
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1372.patch: Skip trying to uncompress
      sections without a name.
    - CVE-2025-1372
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1377.patch: Verify symbol table is a real
      symbol table.
    - CVE-2025-1377

 -- Fabian Toepfer <email address hidden> Mon, 17 Mar 2025 17:03:58 +0100
CVE-2024-25260 elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
CVE-2025-1365 A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of
CVE-2025-1371 A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of
CVE-2025-1372 A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/p
CVE-2025-1377 A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the f


About   -   Send Feedback to @ubuntu_updates