git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
elfutils: Fix CVE-2025-1377
author Soumya Sambu <soumya.sambu@windriver.com>
Wed, 13 Aug 2025 12:11:02 +0000 (17:41 +0530)
committer Steve Sakoman <steve@sakoman.com>
Wed, 20 Aug 2025 14:21:54 +0000 (07:21 -0700)
commit 36436f0996d3a84fe6a59434dec1a92704110602
tree 5100996ba611e9d1ac31be6bfb7b6bb34abfe366
parent 603881e34e3bbb7435f0ae91553036eef7f1cb06

A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
https://ubuntu.com/security/CVE-2025-1377

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/elfutils/elfutils_0.192.bb
meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch [new file with mode: 0644]