SUSE SLED15: dwarves / elfutils / elfutils-lang / libasm-devel / libasm1 / etc (SUSE-SU-2022:2614-1)

critical Nessus Plugin ID 163686

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2614-1 advisory.

elfutils was updated to version 0.177 (jsc#SLE-24501):

- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.

Update to version 0.176:

- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

- readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu- ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)

Update to version 0.174:

- libelf, libdw and all tools now handle extended shnum and shstrndx correctly.

- elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

- More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names.

Update to version 0.172:

- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.

There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1033084

https://bugzilla.suse.com/1033085

https://bugzilla.suse.com/1033086

https://bugzilla.suse.com/1033087

https://bugzilla.suse.com/1033088

https://bugzilla.suse.com/1033089

https://bugzilla.suse.com/1033090

https://bugzilla.suse.com/1082318

https://bugzilla.suse.com/1104264

https://bugzilla.suse.com/1106390

https://bugzilla.suse.com/1107066

https://bugzilla.suse.com/1107067

https://bugzilla.suse.com/1111973

https://bugzilla.suse.com/1112723

https://bugzilla.suse.com/1112726

https://bugzilla.suse.com/1123685

https://bugzilla.suse.com/1125007

https://www.suse.com/security/cve/CVE-2017-7607

https://www.suse.com/security/cve/CVE-2017-7608

https://www.suse.com/security/cve/CVE-2017-7609

https://www.suse.com/security/cve/CVE-2017-7610

https://www.suse.com/security/cve/CVE-2017-7611

https://www.suse.com/security/cve/CVE-2017-7612

https://www.suse.com/security/cve/CVE-2017-7613

https://www.suse.com/security/cve/CVE-2018-16062

https://www.suse.com/security/cve/CVE-2018-16402

https://www.suse.com/security/cve/CVE-2018-16403

https://www.suse.com/security/cve/CVE-2018-18310

https://www.suse.com/security/cve/CVE-2018-18520

https://www.suse.com/security/cve/CVE-2018-18521

https://www.suse.com/security/cve/CVE-2019-7146

https://www.suse.com/security/cve/CVE-2019-7148

https://www.suse.com/security/cve/CVE-2019-7149

https://www.suse.com/security/cve/CVE-2019-7150

https://www.suse.com/security/cve/CVE-2019-7664

https://www.suse.com/security/cve/CVE-2019-7665

http://www.nessus.org/u?45bdf3f8

Plugin Details

Severity: Critical

ID: 163686

File Name: suse_SU-2022-2614-1.nasl

Version: 1.7

Type: Local

Agent: unix

Published: 8/2/2022

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-16402

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:elfutils-lang, p-cpe:/a:novell:suse_linux:libasm1, p-cpe:/a:novell:suse_linux:libebl-plugins, p-cpe:/a:novell:suse_linux:libebl-plugins-32bit, p-cpe:/a:novell:suse_linux:libasm-devel, p-cpe:/a:novell:suse_linux:libdwarves1-32bit, p-cpe:/a:novell:suse_linux:elfutils, p-cpe:/a:novell:suse_linux:dwarves, p-cpe:/a:novell:suse_linux:libelf-devel, p-cpe:/a:novell:suse_linux:libdw1, p-cpe:/a:novell:suse_linux:libdwarves1, p-cpe:/a:novell:suse_linux:libdw1-32bit, p-cpe:/a:novell:suse_linux:libdwarves-devel, p-cpe:/a:novell:suse_linux:libdw-devel, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:libelf1, p-cpe:/a:novell:suse_linux:libdwarves-devel-32bit, p-cpe:/a:novell:suse_linux:libelf1-32bit, p-cpe:/a:novell:suse_linux:libebl-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/1/2022

Vulnerability Publication Date: 4/9/2017

Reference Information

CVE: CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665

SuSE: SUSE-SU-2022:2614-1