An update for elfutils is now available for openEuler-20.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1444
Final 1.0 1.0 2023-07-29 Initial 2023-07-29 2023-07-29 openEuler SA Tool V1.0 2023-07-29

elfutils security update

Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections). Also included are helper libraries which implement DWARF, ELF, and machine-specific ELF handling and process introspection. It also provides a DSO which allows reading and writing ELF files on a high level. Third party programs depend on this package to read internals of ELF files. Yama sysctl setting to enable default attach scope settings enabling programs to use ptrace attach, access to /proc/PID/{mem,personality,stack,syscall}, and the syscalls process_vm_readv and process_vm_writev which are used for interprocess services, communication and introspection (like synchronisation, signaling, debugging, tracing and profiling) of processes.

Security Fix(es):

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file. (CVE-2021-33294)

openEuler Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Low
Affected component: elfutils

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1444
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33294
https://nvd.nist.gov/vuln/detail/CVE-2021-33294

Packages for openEuler-20.03-LTS-SP1:

aarch64:
elfutils-0.180-14.oe1.aarch64.rpm
elfutils-devel-0.180-14.oe1.aarch64.rpm
elfutils-debuginfod-client-0.180-14.oe1.aarch64.rpm
elfutils-debuginfod-client-devel-0.180-14.oe1.aarch64.rpm
elfutils-debuginfo-0.180-14.oe1.aarch64.rpm
elfutils-debuginfod-0.180-14.oe1.aarch64.rpm
elfutils-help-0.180-14.oe1.aarch64.rpm
elfutils-extra-0.180-14.oe1.aarch64.rpm
elfutils-debugsource-0.180-14.oe1.aarch64.rpm

src:
elfutils-0.180-14.oe1.src.rpm

x86_64:
elfutils-debuginfod-0.180-14.oe1.x86_64.rpm
elfutils-debuginfod-client-devel-0.180-14.oe1.x86_64.rpm
elfutils-devel-0.180-14.oe1.x86_64.rpm
elfutils-0.180-14.oe1.x86_64.rpm
elfutils-debugsource-0.180-14.oe1.x86_64.rpm
elfutils-debuginfo-0.180-14.oe1.x86_64.rpm
elfutils-extra-0.180-14.oe1.x86_64.rpm
elfutils-debuginfod-client-0.180-14.oe1.x86_64.rpm
elfutils-help-0.180-14.oe1.x86_64.rpm

CVE-2021-33294 (2023-07-29)
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.
Affected product: openEuler-20.03-LTS-SP1
Severity: Low
CVSS base score: 2.5 (AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
Remediation: elfutils security update, 2023-07-29, https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1444