1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00
Commit Graph

8 Commits

Author SHA1 Message Date
Soumya Sambu 906ca66083 elfutils: Fix CVE-2025-1377
A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
https://ubuntu.com/security/CVE-2025-1377

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba

(From OE-Core rev: 36436f0996d3a84fe6a59434dec1a92704110602)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu 92ad2bf885 elfutils: Fix CVE-2025-1376
A vulnerability classified as problematic was found in GNU elfutils 0.192.
This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is possible
to launch the attack on the local host. The complexity of an attack is rather high. The
exploitation appears to be difficult. The exploit has been disclosed to the public and
may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376
https://ubuntu.com/security/CVE-2025-1376

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918

(From OE-Core rev: 603881e34e3bbb7435f0ae91553036eef7f1cb06)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu f9e6c1011a elfutils: Fix CVE-2025-1372
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical.
Affected by this vulnerability is the function dump_data_section/print_string_section
of the file readelf.c of the component eu-readelf. The manipulation of the argument
z/x leads to buffer overflow. An attack has to be approached locally. The exploit
has been disclosed to the public and may be used. The identifier of the patch is
73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix
this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1372
https://ubuntu.com/security/CVE-2025-1372

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db

(From OE-Core rev: 76c57e74071f8f2f312d5c62e1f7a1ac74db54be)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu f199f5e3a6 elfutils: Fix CVE-2025-1371
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic.
This vulnerability affects the function handle_dynamic_symtab of the file readelf.c
of the component eu-read. The manipulation leads to null pointer dereference.
Attacking locally is a requirement. The exploit has been disclosed to the public and
may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It
is recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1371
https://ubuntu.com/security/CVE-2025-1371

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a

(From OE-Core rev: 36a322934f6f7dc8d0890c531d68c0f7de69be13)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu 17c3ea7ff8 elfutils: Fix CVE-2025-1365
A vulnerability, which was classified as critical, was found in GNU elfutils
0.192. This affects the function process_symtab of the file readelf.c of the
component eu-readelf. The manipulation of the argument D/a leads to buffer
overflow. Local access is required to approach this attack. The exploit has
been disclosed to the public and may be used. The identifier of the patch is
5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch
to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1365
https://ubuntu.com/security/CVE-2025-1365

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81

(From OE-Core rev: deb03581745a0722e1a52a8d4ee63cdc863ad014)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu 26ec7d6e30 elfutils: Fix CVE-2025-1352
A vulnerability has been found in GNU elfutils 0.192 and classified as critical.
This vulnerability affects the function __libdw_thread_tail in the library
libdw_alloc.c of the component eu-readelf. The manipulation of the argument w
leads to memory corruption. The attack can be initiated remotely. The complexity
of an attack is rather high. The exploitation appears to be difficult. The exploit
has been disclosed to the public and may be used. The name of the patch is
2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to
fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1352
https://ubuntu.com/security/CVE-2025-1352

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753

(From OE-Core rev: 9f104c2005975c1dce6e67b23e34ab5a2e8f85ab)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Martin Jansa 94f439bac2 elfutils: backport a fix for libeu objects missing in libelf.a
* since the 0.192 upgrade from:
  https://git.openembedded.org/openembedded-core/commit/?id=1d6ac3c811798732e6addc798656bbe104661d77
  some recipes are failing to build, backport a fix

(From OE-Core rev: b4bd2a2bf603ec4684ac052d55cb2c53972b89e8)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-09 15:23:28 +00:00
Alexander Kanavin 1d6fa91243 elfutils: upgrade 0.191 -> 0.192
License-Update: copyright years

(From OE-Core rev: 1d6ac3c811798732e6addc798656bbe104661d77)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-05 17:07:10 +00:00