Headline
CVE-2018-18521: Mark Wielaard - [PATCH] arlib: Check that sh_entsize isn't zero.
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.