Security Advisory elfutils security update

Advisory: RHSA-2006:0368-7
Type: Security Advisory
Severity: Low
Issued on: 2006-07-20
Last updated on: 2006-07-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-1704

Details

Updated elfutils packages that address a minor security issue and various
other issues are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

The elfutils packages that originally shipped with Red Hat Enterprise Linux
3 were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils.

In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files. (CVE-2005-1704)

Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted. Both of these
problems are fixed in the new version.

Users of elfutils should upgrade to these updated packages, which resolve
these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
elfutils-0.94.1-2.src.rpm     f9c89885daf3d51a699b99db4855b33c
 
IA-32:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-devel-0.94.1-2.i386.rpm     bdfc7c99932291ae6ab742fd60ae0ca0
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-devel-0.94.1-2.i386.rpm     b327fb13b08f74b472800b700439c39d
 
x86_64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.x86_64.rpm     55c216e57fdf0edf3623cdadd814456e
elfutils-devel-0.94.1-2.x86_64.rpm     921e1675d0c270e6f8e20a7413a65955
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.x86_64.rpm     5516fefe4b2c4ec3dd491cdc09f1f153
elfutils-libelf-devel-0.94.1-2.x86_64.rpm     85aa5c18b57bcd149b074092e77aa172
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
elfutils-0.94.1-2.src.rpm     f9c89885daf3d51a699b99db4855b33c
 
IA-32:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-devel-0.94.1-2.i386.rpm     bdfc7c99932291ae6ab742fd60ae0ca0
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-devel-0.94.1-2.i386.rpm     b327fb13b08f74b472800b700439c39d
 
IA-64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.ia64.rpm     148e0a5469f1808517416a0b8e319c48
elfutils-devel-0.94.1-2.ia64.rpm     d69aa822ad4a73e1796fb699285a3e16
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.ia64.rpm     4981bc501ca8ede3a23c6ebf469f85b3
elfutils-libelf-devel-0.94.1-2.ia64.rpm     8b9a5084a9c8f34b94198908bab6b6a2
 
PPC:
elfutils-0.94.1-2.ppc.rpm     b9341cf90ec0737298a7e57d6a57b593
elfutils-0.94.1-2.ppc64.rpm     037d2690cc56966149c2a3b2ba8e4885
elfutils-devel-0.94.1-2.ppc.rpm     36398c56fe8adca7e4fdf4f084d513d4
elfutils-libelf-0.94.1-2.ppc.rpm     d2c559b82e34b035c2f0864b34f56fa9
elfutils-libelf-0.94.1-2.ppc64.rpm     9e94d133ca19169f88f364e483bba629
elfutils-libelf-devel-0.94.1-2.ppc.rpm     958ca58a79551292277ae448a01c5e01
 
s390:
elfutils-0.94.1-2.s390.rpm     a66109327605d7652f5cca2f6edc4c9c
elfutils-devel-0.94.1-2.s390.rpm     bb297fba4cb392fff25d2982f924ab81
elfutils-libelf-0.94.1-2.s390.rpm     92619133e3d38c362c540520573b39da
elfutils-libelf-devel-0.94.1-2.s390.rpm     390fb07654eb89b5f43930720c419f98
 
s390x:
elfutils-0.94.1-2.s390.rpm     a66109327605d7652f5cca2f6edc4c9c
elfutils-0.94.1-2.s390x.rpm     a5498050a32775173fc9ea3faa6dfd9d
elfutils-devel-0.94.1-2.s390x.rpm     dc2cc5075dbda8c07108d7b5e60c7cdf
elfutils-libelf-0.94.1-2.s390.rpm     92619133e3d38c362c540520573b39da
elfutils-libelf-0.94.1-2.s390x.rpm     82431bc3f0c38f026d192b15b5f0d8ea
elfutils-libelf-devel-0.94.1-2.s390x.rpm     da86201bdfedb1bc639cd033e28601ad
 
x86_64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.x86_64.rpm     55c216e57fdf0edf3623cdadd814456e
elfutils-devel-0.94.1-2.x86_64.rpm     921e1675d0c270e6f8e20a7413a65955
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.x86_64.rpm     5516fefe4b2c4ec3dd491cdc09f1f153
elfutils-libelf-devel-0.94.1-2.x86_64.rpm     85aa5c18b57bcd149b074092e77aa172
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
elfutils-0.94.1-2.src.rpm     f9c89885daf3d51a699b99db4855b33c
 
IA-32:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-devel-0.94.1-2.i386.rpm     bdfc7c99932291ae6ab742fd60ae0ca0
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-devel-0.94.1-2.i386.rpm     b327fb13b08f74b472800b700439c39d
 
IA-64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.ia64.rpm     148e0a5469f1808517416a0b8e319c48
elfutils-devel-0.94.1-2.ia64.rpm     d69aa822ad4a73e1796fb699285a3e16
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.ia64.rpm     4981bc501ca8ede3a23c6ebf469f85b3
elfutils-libelf-devel-0.94.1-2.ia64.rpm     8b9a5084a9c8f34b94198908bab6b6a2
 
x86_64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.x86_64.rpm     55c216e57fdf0edf3623cdadd814456e
elfutils-devel-0.94.1-2.x86_64.rpm     921e1675d0c270e6f8e20a7413a65955
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.x86_64.rpm     5516fefe4b2c4ec3dd491cdc09f1f153
elfutils-libelf-devel-0.94.1-2.x86_64.rpm     85aa5c18b57bcd149b074092e77aa172
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
elfutils-0.94.1-2.src.rpm     f9c89885daf3d51a699b99db4855b33c
 
IA-32:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-devel-0.94.1-2.i386.rpm     bdfc7c99932291ae6ab742fd60ae0ca0
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-devel-0.94.1-2.i386.rpm     b327fb13b08f74b472800b700439c39d
 
IA-64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.ia64.rpm     148e0a5469f1808517416a0b8e319c48
elfutils-devel-0.94.1-2.ia64.rpm     d69aa822ad4a73e1796fb699285a3e16
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.ia64.rpm     4981bc501ca8ede3a23c6ebf469f85b3
elfutils-libelf-devel-0.94.1-2.ia64.rpm     8b9a5084a9c8f34b94198908bab6b6a2
 
x86_64:
elfutils-0.94.1-2.i386.rpm     aff3e63cdad846aa2d8f866ae517c388
elfutils-0.94.1-2.x86_64.rpm     55c216e57fdf0edf3623cdadd814456e
elfutils-devel-0.94.1-2.x86_64.rpm     921e1675d0c270e6f8e20a7413a65955
elfutils-libelf-0.94.1-2.i386.rpm     676234c6860bfddc964ef7c9ad15c7f3
elfutils-libelf-0.94.1-2.x86_64.rpm     5516fefe4b2c4ec3dd491cdc09f1f153
elfutils-libelf-devel-0.94.1-2.x86_64.rpm     85aa5c18b57bcd149b074092e77aa172
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

159908 - CVE-2005-1704 Integer overflow in libelf
187507 - RHEL3 U8: Elfutils license upgrade
189114 - eu-strip mangles separate debuginfo with relocation sections


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704
http://www.redhat.com/security/updates/classification/#low

Keywords

elfutils

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/