git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Soumya Sambu <soumya.sambu@windriver.com>
	Wed, 13 Aug 2025 12:11:01 +0000 (17:41 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 20 Aug 2025 14:21:54 +0000 (07:21 -0700)
commit	603881e34e3bbb7435f0ae91553036eef7f1cb06
tree	4d589899238f944e62c27b7144a529c97d522d6d	tree \| snapshot
parent	76c57e74071f8f2f312d5c62e1f7a1ac74db54be	commit \| diff

elfutils: Fix CVE-2025-1376

A vulnerability classified as problematic was found in GNU elfutils 0.192.
This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is possible
to launch the attack on the local host. The complexity of an attack is rather high. The
exploitation appears to be difficult. The exploit has been disclosed to the public and
may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376
https://ubuntu.com/security/CVE-2025-1376

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/elfutils/elfutils_0.192.bb		diff \| blob \| blame \| history
meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch	[new file with mode: 0644]	blob