安全公告详情

NS-SA-2019-0258

2019-12-27 14:15:32

简介

important: elfutils/pacemaker security update

严重级别

important

主题

An update for elfutils/pacemaker is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

elfutils: Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections).
pacemaker: Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : cman coverage doc stonithd hardening pre_release profiling


Security Fix(es):
elfutils: An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.(CVE-2018-16062)
elfutils: belf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.(CVE-2018-16402)
elfutils: bdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.(CVE-2018-16403)
elfutils: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.(CVE-2019-7149)
elfutils: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.(CVE-2019-7150)
elfutils: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)
elfutils: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.(CVE-2018-18521)
elfutils: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)
elfutils: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.(CVE-2019-7665)
elfutils: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).(CVE-2019-7664)
elfutils: In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.(CVE-2019-7146)
elfutils: **DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."(CVE-2019-7148)
elfutils: bugfix
pacemaker: A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.(CVE-2018-16877)
pacemaker: A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs.(CVE-2019-3885)
pacemaker: A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.(CVE-2018-16878)
pacemaker: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.

影响组件

  • elfutils
  • pacemaker

影响产品

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["elfutils-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-debuginfo-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-default-yama-scope-0.176-2.el7.cgslv5_5.noarch.rpm","elfutils-devel-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-devel-static-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-libelf-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-libelf-devel-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-libelf-devel-static-0.176-2.el7.cgslv5_5.x86_64.rpm","elfutils-libs-0.176-2.el7.cgslv5_5.x86_64.rpm"],"source":"elfutils-0.176-2.el7.cgslv5_5.src.rpm"},{"binary":["pacemaker-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cli-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cluster-libs-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cts-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-debuginfo-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-doc-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-libs-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-libs-devel-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-remote-1.1.20-5.el7_7.1.x86_64.rpm"],"source":"pacemaker-1.1.20-5.el7_7.1.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["elfutils-devel-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-devel-static-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-libelf-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-libelf-devel-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-libelf-devel-static-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-libelf-lang-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-libs-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-debuginfo-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.x86_64.rpm","elfutils-default-yama-scope-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.noarch.rpm"],"source":"elfutils-0.176-2.el7.cgslv5_5.0.1.gf2430b1.lite.src.rpm"},{"binary":["pacemaker-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cli-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cluster-libs-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-cts-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-debuginfo-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-doc-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-libs-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-libs-devel-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-nagios-plugins-metadata-1.1.20-5.el7_7.1.x86_64.rpm","pacemaker-remote-1.1.20-5.el7_7.1.x86_64.rpm"],"source":"pacemaker-1.1.20-5.el7_7.1.src.rpm"}]}]}

CVE

参考