{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"elfutils security update", "category":"general", "title":"Synopsis" }, { "text":"An update for elfutils is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Elfutils is a collection of utilities, including stack (to show\nbacktraces), nm (for listing symbols from object files), size\n(for listing the section sizes of an object or archive file),\nstrip (for discarding symbols), readelf (to see the raw ELF file\nstructures), elflint (to check for well-formed ELF files) and\nelfcompress (to compress or decompress ELF sections).\nAlso included are helper libraries which implement DWARF, ELF,\nand machine-specific ELF handling and process introspection.\nIt also provides a DSO which allows reading and\nwriting ELF files on a high level. Third party programs depend on\nthis package to read internals of ELF files. \nYama sysctl setting to enable default attach scope settings\nenabling programs to use ptrace attach, access to\n/proc/PID/{mem,personality,stack,syscall}, and the syscalls\nprocess_vm_readv and process_vm_writev which are used for\ninterprocess services, communication and introspection\n(like synchronisation, signaling, debugging, tracing and\nprofiling) of processes.\n\nSecurity Fix(es):\n\nA vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.(CVE-2025-1352)\n\nA vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.(CVE-2025-1372)\n\nA vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.(CVE-2025-1376)\n\nA vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.(CVE-2025-1377)", "category":"general", "title":"Description" }, { "text":"An update for elfutils is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"elfutils", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1181", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1181" }, { "summary":"CVE-2025-1352", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-1352&packageName=elfutils" }, { "summary":"CVE-2025-1372", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-1372&packageName=elfutils" }, { "summary":"CVE-2025-1376", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-1376&packageName=elfutils" }, { "summary":"CVE-2025-1377", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-1377&packageName=elfutils" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1352" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1372" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1376" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1377" }, { "summary":"openEuler-SA-2025-1181 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1181.json" } ], "title":"An update for elfutils is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2025-02-21T21:35:39+08:00", "revision_history":[ { "date":"2025-02-21T21:35:39+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-02-21T21:35:39+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-02-21T21:35:39+08:00", "id":"openEuler-SA-2025-1181", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfo-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-debuginfo-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-debuginfo-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-debuginfod-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-debuginfod-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debugsource-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-debugsource-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-debugsource-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-devel-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-devel-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-devel-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-extra-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-extra-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-extra-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-help-0.185-20.oe2203sp3.aarch64.rpm", "name":"elfutils-help-0.185-20.oe2203sp3.aarch64.rpm" }, "name":"elfutils-help-0.185-20.oe2203sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-0.185-20.oe2203sp3.src.rpm", "name":"elfutils-0.185-20.oe2203sp3.src.rpm" }, "name":"elfutils-0.185-20.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfo-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-debuginfo-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-debuginfo-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-debuginfod-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-debuginfod-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-debugsource-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-debugsource-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-debugsource-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-devel-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-devel-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-devel-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-extra-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-extra-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-extra-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"elfutils-help-0.185-20.oe2203sp3.x86_64.rpm", "name":"elfutils-help-0.185-20.oe2203sp3.x86_64.rpm" }, "name":"elfutils-help-0.185-20.oe2203sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "name":"elfutils-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfo-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "name":"elfutils-debuginfo-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "name":"elfutils-debuginfod-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debugsource-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "name":"elfutils-debugsource-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-devel-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "name":"elfutils-devel-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-extra-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "name":"elfutils-extra-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-help-0.185-20.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "name":"elfutils-help-0.185-20.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-0.185-20.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "name":"elfutils-0.185-20.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "name":"elfutils-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfo-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "name":"elfutils-debuginfo-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "name":"elfutils-debuginfod-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "name":"elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "name":"elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-debugsource-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "name":"elfutils-debugsource-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-devel-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "name":"elfutils-devel-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-extra-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "name":"elfutils-extra-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"elfutils-help-0.185-20.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64", "name":"elfutils-help-0.185-20.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-1352", "notes":[ { "text":"A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ], "details":"elfutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1181" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.0, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-1352" }, { "cve":"CVE-2025-1372", "notes":[ { "text":"A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ], "details":"elfutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1181" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-1372" }, { "cve":"CVE-2025-1376", "notes":[ { "text":"A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ], "details":"elfutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1181" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":2.5, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-1376" }, { "cve":"CVE-2025-1377", "notes":[ { "text":"A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ], "details":"elfutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1181" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.src", "openEuler-22.03-LTS-SP3:elfutils-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfo-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debuginfod-client-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-debugsource-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-devel-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-extra-0.185-20.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:elfutils-help-0.185-20.oe2203sp3.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-1377" } ] }