In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted ELF file.
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=24075
https://sourceware.org/bugzilla/show_bug.cgi?id=24081
Upstream Patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=012018907ca05eb0ab51d424a596ef38fc87cae1
https://sourceware.org/git/?p=elfutils.git;a=commit;h=cd7ded3df43f655af945c869976401a602e46fcd
Created elfutils tracking bugs for this issue:
Affects: fedora-all [bug 1671433]
From upstream: https://sourceware.org/bugzilla/show_bug.cgi?id=24075
- This code was introduced in 0.175 and not present in 0.174.
- Does not affect openshift-online-3
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:3575 https://access.redhat.com/errata/RHSA-2019:3575
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-7146