PublicDateAtUSN: 2017-04-09
Candidate: CVE-2017-7607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/
https://usn.ubuntu.com/usn/usn-3670-1
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted ELF file.
https://sourceware.org/bugzilla/show_bug.cgi?id=21299
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996
Discovered-by: Agostino Sarubbo
upstream: https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=9d84fdd78705d7a1b9947a9f4ca77fbccdd76d4a
upstream_elfutils: needed
precise_elfutils: ignored (reached end-of-life)
precise/esm_elfutils: needed
trusty_elfutils: released (0.158-0ubuntu5.3)
vivid/stable-phone-overlay_elfutils: ignored (reached end-of-life)
vivid/ubuntu-core_elfutils: DNE
xenial_elfutils: released (0.165-3ubuntu1.1)
yakkety_elfutils: ignored (reached end-of-life)
zesty_elfutils: ignored (reached end-of-life)
artful_elfutils: released (0.170-0.1)
bionic_elfutils: released (0.170-0.4)
devel_elfutils: released (0.170-0.4)