]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9f104c2) | patch
elfutils: Fix CVE-2025-1365
authorSoumya Sambu <soumya.sambu@windriver.com>
Wed, 13 Aug 2025 12:10:58 +0000 (17:40 +0530)
committerSteve Sakoman <steve@sakoman.com>
Wed, 20 Aug 2025 14:21:54 +0000 (07:21 -0700)
commitdeb03581745a0722e1a52a8d4ee63cdc863ad014
treeb1f17b813b277d8011a98dd850214ccadf2f5180tree | snapshot
parent9f104c2005975c1dce6e67b23e34ab5a2e8f85abcommit | diff
elfutils: Fix CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils
0.192. This affects the function process_symtab of the file readelf.c of the
component eu-readelf. The manipulation of the argument D/a leads to buffer
overflow. Local access is required to approach this attack. The exploit has
been disclosed to the public and may be used. The identifier of the patch is
5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch
to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1365
https://ubuntu.com/security/CVE-2025-1365

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/elfutils/elfutils_0.192.bb diff | blob | blame | history
meta/recipes-devtools/elfutils/files/CVE-2025-1365.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core-contrib