Package | elfutils |
---|---|
Version | 0.159-4.2+deb8u2 (jessie), 0.168-1+deb9u2 (stretch) |
Related CVEs | CVE-2020-21047 |
An issue has been found in elfutils, a collection of utilities to handle ELF objects. Due to missing bounds checks and reachable asserts, an attacker can use crafted ELF files to trigger application crashes that result in denial of service.
As part of this update, CVE-2019-7149 has been fixed as well in Stretch. Due to a heap-buffer-overflow problem in the function read_srclines(), crafted ELF input can cause segmentation faults.
For Debian 8 jessie, these problems have been fixed in version 0.159-4.2+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 0.168-1+deb9u2.
We recommend that you upgrade your elfutils packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.