elfutils: Fix CVE-2025-1372 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-08-13 17:41:00 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-08-26 06:33:14 -0700
commit	f9e6c1011ae64054abfe4a58a1729419b43edf45 (patch)
tree	3b9b628e6ec1da553140fb9b075793e6debd31eb /meta/lib/patchtest/tests/test_python_pylint.py
parent	f199f5e3a6c3112e348c60695f3509c21af4e911 (diff)
download	poky-f9e6c1011ae64054abfe4a58a1729419b43edf45.tar.gz

elfutils: Fix CVE-2025-1372

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1372 https://ubuntu.com/security/CVE-2025-1372 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db (From OE-Core rev: 76c57e74071f8f2f312d5c62e1f7a1ac74db54be) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/lib/patchtest/tests/test_python_pylint.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: