Overview

Request 906714 accepted

Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether
the dyn data read from core file is truncated (bnc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero
terminated string (CVE is a bit misleading, as this is not a bug
in libelf as described) (bnc#1125007)
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bnc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar
files (bnc#1112726)
- CVE-2018-16402: libelf: denial of service/double free on an
attempt to decompress the same section twice (bnc#1107066)
Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bnc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bnc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bnc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash
(readelf.c) (bnc#1033084)
- CVE-2016-7608: heap-based buffer overflow in
ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption)
via a crafted ELF file (bnc#1033090)

Request History
michals created request

michals accepted request