ALAS2-2023-2259

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. (CVE-2020-21047)

aarch64:
    elfutils-0.176-2.amzn2.0.2.aarch64
    elfutils-libs-0.176-2.amzn2.0.2.aarch64
    elfutils-devel-0.176-2.amzn2.0.2.aarch64
    elfutils-devel-static-0.176-2.amzn2.0.2.aarch64
    elfutils-libelf-0.176-2.amzn2.0.2.aarch64
    elfutils-libelf-devel-0.176-2.amzn2.0.2.aarch64
    elfutils-libelf-devel-static-0.176-2.amzn2.0.2.aarch64
    elfutils-debuginfo-0.176-2.amzn2.0.2.aarch64

i686:
    elfutils-0.176-2.amzn2.0.2.i686
    elfutils-libs-0.176-2.amzn2.0.2.i686
    elfutils-devel-0.176-2.amzn2.0.2.i686
    elfutils-devel-static-0.176-2.amzn2.0.2.i686
    elfutils-libelf-0.176-2.amzn2.0.2.i686
    elfutils-libelf-devel-0.176-2.amzn2.0.2.i686
    elfutils-libelf-devel-static-0.176-2.amzn2.0.2.i686
    elfutils-debuginfo-0.176-2.amzn2.0.2.i686

noarch:
    elfutils-default-yama-scope-0.176-2.amzn2.0.2.noarch

src:
    elfutils-0.176-2.amzn2.0.2.src

x86_64:
    elfutils-0.176-2.amzn2.0.2.x86_64
    elfutils-libs-0.176-2.amzn2.0.2.x86_64
    elfutils-devel-0.176-2.amzn2.0.2.x86_64
    elfutils-devel-static-0.176-2.amzn2.0.2.x86_64
    elfutils-libelf-0.176-2.amzn2.0.2.x86_64
    elfutils-libelf-devel-0.176-2.amzn2.0.2.x86_64
    elfutils-libelf-devel-static-0.176-2.amzn2.0.2.x86_64
    elfutils-debuginfo-0.176-2.amzn2.0.2.x86_64