moderate: giflib/elfutils security update
moderate
An update for giflib/elfutils is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
giflib:
elfutils:
Security Fix(es):
giflib: A flaw was found in giflib, in the command-line tool gif2rgb. Information disclosure is possible due to a buffer overflow in the DumpScreen2RGB() function.(CVE-2022-28506)
giflib: v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.(CVE-2023-39742)
giflib: A security flaw related to buffer overflow has been identified in GifLib. This flaw allows a nearby attacker to access sensitive information through the DumpSCreen2RGB function in gif2rgb.c.(CVE-2023-48161)
giflib: bugfix
elfutils: A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.(CVE-2024-25260)
elfutils: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.