Debian 9942 Published by

An elfutils security update has been released for Debian GNU/Linux 10 LTS to address missing bound checks that result in denial-of-services.

[SECURITY] [DLA 3579-1] elfutils security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3579-1 Thorsten Alteholz
September 23, 2023
- -------------------------------------------------------------------------

Package : elfutils
Version : 0.176-1.1+deb10u1
CVE ID : CVE-2020-21047

An issue has been found in elfutils, a collection of utilities to handle
ELF objects.
Due to missing bound checks and reachable asserts, an attacker can
use crafted elf files to trigger application crashes that result in

For Debian 10 buster, this problem has been fixed in version

We recommend that you upgrade your elfutils packages.

For the detailed security status of elfutils please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: