[RHSA-2006:0368-01] Low: elfutils security update

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 20 13:21:54 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: elfutils security update
Advisory ID:       RHSA-2006:0368-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0368.html
Issue date:        2006-07-20
Updated on:        2006-07-20
Product:           Red Hat Enterprise Linux
Keywords:          elfutils
CVE Names:         CVE-2005-1704 
- ---------------------------------------------------------------------

1. Summary:

Updated elfutils packages that address a minor security issue and various
other issues are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

The elfutils packages that originally shipped with Red Hat Enterprise Linux
3 were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils. 

In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files. (CVE-2005-1704)

Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted.  Both of these
problems are fixed in the new version.

Users of elfutils should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159908 - CVE-2005-1704 Integer overflow in libelf
187507 - RHEL3 U8: Elfutils license upgrade
189114 - eu-strip mangles separate debuginfo with relocation sections

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c  elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0  elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d  elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48  elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf  elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16  elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3  elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2  elfutils-libelf-devel-0.94.1-2.ia64.rpm

ppc:
b9341cf90ec0737298a7e57d6a57b593  elfutils-0.94.1-2.ppc.rpm
037d2690cc56966149c2a3b2ba8e4885  elfutils-0.94.1-2.ppc64.rpm
75a4d805f6f4bc5bc01408429082775e  elfutils-debuginfo-0.94.1-2.ppc.rpm
33e5662958e13b7f448bc9863e375838  elfutils-debuginfo-0.94.1-2.ppc64.rpm
36398c56fe8adca7e4fdf4f084d513d4  elfutils-devel-0.94.1-2.ppc.rpm
d2c559b82e34b035c2f0864b34f56fa9  elfutils-libelf-0.94.1-2.ppc.rpm
9e94d133ca19169f88f364e483bba629  elfutils-libelf-0.94.1-2.ppc64.rpm
958ca58a79551292277ae448a01c5e01  elfutils-libelf-devel-0.94.1-2.ppc.rpm

s390:
a66109327605d7652f5cca2f6edc4c9c  elfutils-0.94.1-2.s390.rpm
36974e8ef9add022fa300041e8ce7529  elfutils-debuginfo-0.94.1-2.s390.rpm
bb297fba4cb392fff25d2982f924ab81  elfutils-devel-0.94.1-2.s390.rpm
92619133e3d38c362c540520573b39da  elfutils-libelf-0.94.1-2.s390.rpm
390fb07654eb89b5f43930720c419f98  elfutils-libelf-devel-0.94.1-2.s390.rpm

s390x:
a66109327605d7652f5cca2f6edc4c9c  elfutils-0.94.1-2.s390.rpm
a5498050a32775173fc9ea3faa6dfd9d  elfutils-0.94.1-2.s390x.rpm
36974e8ef9add022fa300041e8ce7529  elfutils-debuginfo-0.94.1-2.s390.rpm
a2d5048fcc7a763321eaf50eed9eb1a6  elfutils-debuginfo-0.94.1-2.s390x.rpm
dc2cc5075dbda8c07108d7b5e60c7cdf  elfutils-devel-0.94.1-2.s390x.rpm
92619133e3d38c362c540520573b39da  elfutils-libelf-0.94.1-2.s390.rpm
82431bc3f0c38f026d192b15b5f0d8ea  elfutils-libelf-0.94.1-2.s390x.rpm
da86201bdfedb1bc639cd033e28601ad  elfutils-libelf-devel-0.94.1-2.s390x.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e  elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142  elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955  elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153  elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172  elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c  elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0  elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d  elfutils-libelf-devel-0.94.1-2.i386.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e  elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142  elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955  elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153  elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172  elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c  elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0  elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d  elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48  elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf  elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16  elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3  elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2  elfutils-libelf-devel-0.94.1-2.ia64.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e  elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142  elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955  elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153  elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172  elfutils-libelf-devel-0.94.1-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/elfutils-0.94.1-2.src.rpm
f9c89885daf3d51a699b99db4855b33c  elfutils-0.94.1-2.src.rpm

i386:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
bdfc7c99932291ae6ab742fd60ae0ca0  elfutils-devel-0.94.1-2.i386.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
b327fb13b08f74b472800b700439c39d  elfutils-libelf-devel-0.94.1-2.i386.rpm

ia64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
148e0a5469f1808517416a0b8e319c48  elfutils-0.94.1-2.ia64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
edda45ae94832daec035f16fad0ae1cf  elfutils-debuginfo-0.94.1-2.ia64.rpm
d69aa822ad4a73e1796fb699285a3e16  elfutils-devel-0.94.1-2.ia64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
4981bc501ca8ede3a23c6ebf469f85b3  elfutils-libelf-0.94.1-2.ia64.rpm
8b9a5084a9c8f34b94198908bab6b6a2  elfutils-libelf-devel-0.94.1-2.ia64.rpm

x86_64:
aff3e63cdad846aa2d8f866ae517c388  elfutils-0.94.1-2.i386.rpm
55c216e57fdf0edf3623cdadd814456e  elfutils-0.94.1-2.x86_64.rpm
7b39a06ce634c2905b419a97c48f0b42  elfutils-debuginfo-0.94.1-2.i386.rpm
f389c86cba1e5fbda8d1798ecc32d142  elfutils-debuginfo-0.94.1-2.x86_64.rpm
921e1675d0c270e6f8e20a7413a65955  elfutils-devel-0.94.1-2.x86_64.rpm
676234c6860bfddc964ef7c9ad15c7f3  elfutils-libelf-0.94.1-2.i386.rpm
5516fefe4b2c4ec3dd491cdc09f1f153  elfutils-libelf-0.94.1-2.x86_64.rpm
85aa5c18b57bcd149b074092e77aa172  elfutils-libelf-devel-0.94.1-2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEv4NvXlSAg2UNWIIRAqJqAKDC1zPip3KgakhLsFVOy4yBztYo3gCgtqgI
Fi1xbcIXOFWS8WwpeDzk0hY=
=g9+K
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list