Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.3170.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:3170-1)
Summary:The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2018:3170-1 advisory.
Description:Summary:
The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2018:3170-1 advisory.

Vulnerability Insight:
This update for binutils to version 2.31 fixes the following issues:

These security issues were fixed:
CVE-2017-15996: readelf allowed remote attackers to cause a denial of
service (excessive memory allocation) or possibly have unspecified other
impact via a crafted ELF file that triggered a buffer overflow on fuzzed
archive header (bsc#1065643)

CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)
mishandled NULL files in a .debug_line file table, which allowed remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a crafted ELF file, related to concat_filename
(bsc#1065689)

CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)
miscalculated DW_FORM_ref_addr die refs in the case of a relocatable
object file, which allowed remote attackers to cause a denial of service
(find_abstract_instance_name invalid memory read, segmentation fault,
and application crash) (bsc#1065693)

CVE-2017-16826: The coff_slurp_line_table function the Binary File
Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause
a denial of service (invalid memory access and application crash) or
possibly have unspecified other impact via a crafted PE file
(bsc#1068640)

CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File
Descriptor (BFD) library (aka libbfd) did not validate size and offset
values in the data dictionary, which allowed remote attackers to cause a
denial of service (segmentation violation and application crash) or
possibly have unspecified other impact via a crafted PE file
(bsc#1068643)

CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did
not validate the symbol count, which allowed remote attackers to cause a
denial of service (integer overflow and application crash, or excessive
memory allocation) or possibly have unspecified other impact via a
crafted PE file (bsc#1068887)

CVE-2017-16830: The print_gnu_property_note function did not have
integer-overflow protection on 32-bit platforms, which allowed remote
attackers to cause a denial of service (segmentation violation and
application crash) or possibly have unspecified other impact via a
crafted ELF file (bsc#1068888)

CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary
File Descriptor (BFD) library (aka libbfd) did not prevent negative
pointers, which allowed remote attackers to cause a denial of service
(out-of-bounds read and application crash) or possibly have unspecified
other impact via a crafted ELF file (bsc#1068950)

CVE-2017-16828: The display_debug_frames function allowed remote
attackers to cause a denial of service (integer overflow and heap-based
buffer over-read, and application crash) or possibly have unspecified
other impact via a crafted ELF file (bsc#1069176)

CVE-2017-16827: The aout_get_external_symbols function in the Binary
File ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'binutils' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-6323
BugTraq ID: 102821
http://www.securityfocus.com/bid/102821
https://www.exploit-db.com/exploits/44035/
SuSE Security Announcement: openSUSE-SU-2019:2415 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2432 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-6543
BugTraq ID: 102985
http://www.securityfocus.com/bid/102985
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22769
Common Vulnerability Exposure (CVE) ID: CVE-2018-6759
BugTraq ID: 103030
http://www.securityfocus.com/bid/103030
Common Vulnerability Exposure (CVE) ID: CVE-2018-6872
BugTraq ID: 103103
http://www.securityfocus.com/bid/103103
Common Vulnerability Exposure (CVE) ID: CVE-2018-7208
BugTraq ID: 103077
http://www.securityfocus.com/bid/103077
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2018:3032
https://access.redhat.com/errata/RHSA-2018:3032
Common Vulnerability Exposure (CVE) ID: CVE-2018-7568
https://sourceware.org/bugzilla/show_bug.cgi?id=22894
Common Vulnerability Exposure (CVE) ID: CVE-2018-7569
https://sourceware.org/bugzilla/show_bug.cgi?id=22895
Common Vulnerability Exposure (CVE) ID: CVE-2018-7570
https://sourceware.org/bugzilla/show_bug.cgi?id=22881
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
Common Vulnerability Exposure (CVE) ID: CVE-2018-7642
https://sourceware.org/bugzilla/show_bug.cgi?id=22887
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
Common Vulnerability Exposure (CVE) ID: CVE-2018-7643
BugTraq ID: 103264
http://www.securityfocus.com/bid/103264
https://sourceware.org/bugzilla/show_bug.cgi?id=22905
Common Vulnerability Exposure (CVE) ID: CVE-2018-8945
https://sourceware.org/bugzilla/show_bug.cgi?id=22809
https://usn.ubuntu.com/4336-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.