elfutils: Fix CVE-2025-1365 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-08-13 17:40:58 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-08-26 06:33:14 -0700
commit	17c3ea7ff835e73d7975d0ba29a0a162e3c8b51a (patch)
tree	e186ccc604dc1b58e5f5eb02c150e6f3c214e6b8 /meta/recipes-support/libmicrohttpd
parent	26ec7d6e30b778e8bc24d3b0263c58a4361a185a (diff)
download	poky-17c3ea7ff835e73d7975d0ba29a0a162e3c8b51a.tar.gz

elfutils: Fix CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1365 https://ubuntu.com/security/CVE-2025-1365 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81 (From OE-Core rev: deb03581745a0722e1a52a8d4ee63cdc863ad014) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-support/libmicrohttpd')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: