RHSA-2006:0368-01 Low: elfutils security update
Posted on: 07/20/2006 03:12 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: elfutils security update
Advisory ID: RHSA-2006:0368-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0368.html
Issue date: 2006-07-20
Updated on: 2006-07-20
Product: Red Hat Enterprise Linux
Keywords: elfutils
CVE Names: CVE-2005-1704
- ---------------------------------------------------------------------

1. Summary:

Updated elfutils packages that address a minor security issue and various
other issues are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

The elfutils packages that originally shipped with Red Hat Enterprise Linux
3 were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils.

In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files. (CVE-2005-1704)

Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted. Both of these
problems are fixed in the new version.

Users of elfutils should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159908 - CVE-2005-1704 Integer overflow in libelf
187507 - RHEL3 U8: Elfutils license upgrade
189114 - eu-strip mangles separate debuginfo with relocation sections

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0 elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48 elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16 elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3 elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2 elfutils-libelf-devel-0.94.1-2.ia64.rpm

ppc:
b9341cf90ec0737298a7e57d6a57b593 elfutils-0.94.1-2.ppc.rpm
037d2690cc56966149c2a3b2ba8e4885 elfutils-0.94.1-2.ppc64.rpm
75a4d805f6f4bc5bc01408429082775e elfutils-debuginfo-0.94.1-2.ppc.rpm
33e5662958e13b7f448bc9863e375838 elfutils-debuginfo-0.94.1-2.ppc64.rpm
36398c56fe8adca7e4fdf4f084d513d4 elfutils-devel-0.94.1-2.ppc.rpm
d2c559b82e34b035c2f0864b34f56fa9 elfutils-libelf-0.94.1-2.ppc.rpm
9e94d133ca19169f88f364e483bba629 elfutils-libelf-0.94.1-2.ppc64.rpm
958ca58a79551292277ae448a01c5e01 elfutils-libelf-devel-0.94.1-2.ppc.rpm

s390:
a66109327605d7652f5cca2f6edc4c9c elfutils-0.94.1-2.s390.rpm
36974e8ef9add022fa300041e8ce7529 elfutils-debuginfo-0.94.1-2.s390.rpm
bb297fba4cb392fff25d2982f924ab81 elfutils-devel-0.94.1-2.s390.rpm
92619133e3d38c362c540520573b39da elfutils-libelf-0.94.1-2.s390.rpm
390fb07654eb89b5f43930720c419f98 elfutils-libelf-devel-0.94.1-2.s390.rpm

s390x:
a66109327605d7652f5cca2f6edc4c9c elfutils-0.94.1-2.s390.rpm
a5498050a32775173fc9ea3faa6dfd9d elfutils-0.94.1-2.s390x.rpm
36974e8ef9add022fa300041e8ce7529 elfutils-debuginfo-0.94.1-2.s390.rpm
a2d5048fcc7a763321eaf50eed9eb1a6 elfutils-debuginfo-0.94.1-2.s390x.rpm
dc2cc5075dbda8c07108d7b5e60c7cdf elfutils-devel-0.94.1-2.s390x.rpm
92619133e3d38c362c540520573b39da elfutils-libelf-0.94.1-2.s390.rpm
82431bc3f0c38f026d192b15b5f0d8ea elfutils-libelf-0.94.1-2.s390x.rpm
da86201bdfedb1bc639cd033e28601ad elfutils-libelf-devel-0.94.1-2.s390x.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142 elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955 elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153 elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172 elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0 elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d elfutils-libelf-devel-0.94.1-2.i386.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142 elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955 elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153 elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172 elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0 elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48 elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16 elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3 elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2 elfutils-libelf-devel-0.94.1-2.ia64.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142 elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955 elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153 elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172 elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0 elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48 elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16 elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3 elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2 elfutils-libelf-devel-0.94.1-2.ia64.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388 elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42 elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142 elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955 elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3 elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153 elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172 elfutils-libelf-devel-0.94.1-2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEv4NvXlSAg2UNWIIRAqJqAKDC1zPip3KgakhLsFVOy4yBztYo3gCgtqgI
Fi1xbcIXOFWS8WwpeDzk0hY=
=g9+K
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060368_01_low_elfutils_security_update.html)