mirror of
https://git.yoctoproject.org/poky
synced 2026-07-17 04:07:06 +00:00
elfutils: Fix CVE-2025-1371
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://ubuntu.com/security/CVE-2025-1371 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a (From OE-Core rev: 36a322934f6f7dc8d0890c531d68c0f7de69be13) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
committed by
Steve Sakoman
parent
17c3ea7ff8
commit
f199f5e3a6
@@ -24,6 +24,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
|
||||
file://0001-libelf-Add-libeu-objects-to-libelf.a-static-archive.patch \
|
||||
file://CVE-2025-1352.patch \
|
||||
file://CVE-2025-1365.patch \
|
||||
file://CVE-2025-1371.patch \
|
||||
"
|
||||
SRC_URI:append:libc-musl = " \
|
||||
file://0003-musl-utils.patch \
|
||||
|
||||
Reference in New Issue
Block a user