1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

elfutils: Fix CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils
0.192. This affects the function process_symtab of the file readelf.c of the
component eu-readelf. The manipulation of the argument D/a leads to buffer
overflow. Local access is required to approach this attack. The exploit has
been disclosed to the public and may be used. The identifier of the patch is
5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch
to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1365
https://ubuntu.com/security/CVE-2025-1365

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81

(From OE-Core rev: deb03581745a0722e1a52a8d4ee63cdc863ad014)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Soumya Sambu
2025-08-13 17:40:58 +05:30
committed by Steve Sakoman
parent 26ec7d6e30
commit 17c3ea7ff8
2 changed files with 153 additions and 0 deletions
@@ -23,6 +23,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
file://0001-config-eu.am-do-not-force-Werror.patch \
file://0001-libelf-Add-libeu-objects-to-libelf.a-static-archive.patch \
file://CVE-2025-1352.patch \
file://CVE-2025-1365.patch \
"
SRC_URI:append:libc-musl = " \
file://0003-musl-utils.patch \