Updated elfutils packages has been released for both Ubuntu 14.04 LTS and 16.04 LTS. This addresses an issue where elfutils could be made to crash or consume resources if it opened a specially crafted file.
==========================================================================Elfutils Security Update for Ubuntu
Ubuntu Security Notice USN-3670-1
June 05, 2018
elfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
elfutils could be made to crash or consume resources if it opened a
specially crafted file.
Software Description:
- elfutils: collection of utilities to handle ELF objects
Details:
Agostino Sarubbo discovered that elfutils incorrectly handled certain
malformed ELF files. If a user or automated system were tricked into
processing a specially crafted ELF file, elfutils could be made to crash or
consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
elfutils 0.165-3ubuntu1.1
libasm1 0.165-3ubuntu1.1
libdw1 0.165-3ubuntu1.1
libelf1 0.165-3ubuntu1.1
Ubuntu 14.04 LTS:
elfutils 0.158-0ubuntu5.3
libasm1 0.158-0ubuntu5.3
libdw1 0.158-0ubuntu5.3
libelf1 0.158-0ubuntu5.3
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3670-1
CVE-2016-10254, CVE-2016-10255, CVE-2017-7607, CVE-2017-7608,
CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612,
CVE-2017-7613
Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.165-3ubuntu1.1
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.3
