UbuntuUpdates.org

Package "elfutils"

Name: elfutils

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • debuginfo-related http file-server daemon
Latest version: 0.190-1.1ubuntu0.1
Release: noble (24.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "elfutils" in Noble

Repository Area Version
base universe 0.190-1.1build4
base main 0.190-1.1build4
security main 0.190-1.1ubuntu0.1
security universe 0.190-1.1ubuntu0.1
updates main 0.190-1.1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.190-1.1ubuntu0.1 2025-03-25 02:07:14 UTC

  elfutils (0.190-1.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-25260.patch: Fix arm_machine_flag_name
      version string.
    - CVE-2024-25260
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2025-1365.patch: Use validate_str also to check
      dynamic symstr data.
    - CVE-2025-1365
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1371.patch: Handle NULL phdr in
      handle_dynamic_symtab.
    - CVE-2025-1371
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1372.patch: Skip trying to uncompress
      sections without a name.
    - CVE-2025-1372
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1377.patch: Verify symbol table is a real
      symbol table.
    - CVE-2025-1377

 -- Fabian Toepfer <email address hidden> Mon, 17 Mar 2025 17:03:58 +0100
Source diff to previous version
CVE-2024-25260 elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
CVE-2025-1365 A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of
CVE-2025-1371 A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of
CVE-2025-1372 A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/p
CVE-2025-1377 A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the f

Version: 0.190-1.1build4.1 2025-01-27 18:07:04 UTC

  elfutils (0.190-1.1build4.1) noble; urgency=medium

  * SRU: LP: #2083480: No-change rebuild to disable frame pointers on
    ppc64el and s390x.

 -- Matthias Klose <email address hidden> Wed, 02 Oct 2024 14:40:51 +0200


About   -   Send Feedback to @ubuntu_updates