Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.2780.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:2780-1)
Summary: The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2019:2780-1 advisory.
Description:

Vulnerability Insight:
This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:
CVE-2018-17358: Fixed invalid memory access in
_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)

CVE-2018-17359: Fixed invalid memory access in bfd_zalloc in
opncls.c (bsc#1109413)

CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in
libbfd.c (bsc#1109414)

CVE-2018-17985: Fixed a stack consumption problem caused by the
cplus_demangle_type (bsc#1116827)

CVE-2018-18309: Fixed an invalid memory address dereference in
read_reloc in reloc.c (bsc#1111996)

CVE-2018-18483: Fixed get_count function provided by libiberty that
allowed attackers to cause a denial of service or other unspecified
impact (bsc#1112535)

CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions
provided by libiberty, caused by recursive stack frames (bsc#1112534)

CVE-2018-18605: Fixed a heap-based buffer over-read in the function
sec_merge_hash_lookup causing a denial of service (bsc#1113255)

CVE-2018-18606: Fixed a NULL pointer dereference in
_bfd_add_merge_section when attempting to merge sections with large
alignments, causing denial of service (bsc#1113252)

CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd
when used for finding STT_TLS symbols without any TLS section, causing
denial of service (bsc#1113247)

CVE-2018-19931: Fixed a heap-based buffer overflow in
bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)

CVE-2018-19932: Fixed an integer overflow and infinite loop caused by
the IS_CONTAINED_BY_LMA (bsc#1118830)

CVE-2018-20623: Fixed a use-after-free in the error function in
elfcomm.c (bsc#1121035)

CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference
in elf_link_add_object_symbols in elflink.c (bsc#1121034)

CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based
buffer overflow in load_specific_debug_section in objdump.c
(bsc#1121056)

CVE-2018-1000876: Fixed integer overflow in
bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc in
objdump (bsc#1120640)

CVE-2019-1010180: Fixed an out of bound memory access that could lead to
crashes (bsc#1142772)

Enable xtensa architecture (Tensilica lc6 and related)

Use -ffat-lto-objects in order to provide assembly for static libs
(bsc#1141913).

Fixed some LTO build issues (bsc#1133131 bsc#1133232).

riscv: Don't check ABI flags if no code section

Fixed a segfault in ld when building some versions of pacemaker
(bsc#1154025, bsc#1154016).

Add avr, epiphany and rx to target_list so that the common binutils can
handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:
The binutils now support the C-SKY processor series.

The x86 assembler now supports a -mvexwig=[01] option to control
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'binutils' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Packagehub Subpackages 15.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-6323
BugTraq ID: 102821
http://www.securityfocus.com/bid/102821
https://www.exploit-db.com/exploits/44035/
SuSE Security Announcement: openSUSE-SU-2019:2415
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2432
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-6543
BugTraq ID: 102985
http://www.securityfocus.com/bid/102985
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22769
Common Vulnerability Exposure (CVE) ID: CVE-2018-6759
BugTraq ID: 103030
http://www.securityfocus.com/bid/103030
Common Vulnerability Exposure (CVE) ID: CVE-2018-6872
BugTraq ID: 103103
http://www.securityfocus.com/bid/103103
Common Vulnerability Exposure (CVE) ID: CVE-2018-7208
BugTraq ID: 103077
http://www.securityfocus.com/bid/103077
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2018:3032
https://access.redhat.com/errata/RHSA-2018:3032
Common Vulnerability Exposure (CVE) ID: CVE-2018-7568
https://sourceware.org/bugzilla/show_bug.cgi?id=22894
Common Vulnerability Exposure (CVE) ID: CVE-2018-7569
https://sourceware.org/bugzilla/show_bug.cgi?id=22895
Common Vulnerability Exposure (CVE) ID: CVE-2018-7570
https://sourceware.org/bugzilla/show_bug.cgi?id=22881
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
Common Vulnerability Exposure (CVE) ID: CVE-2018-7642
https://sourceware.org/bugzilla/show_bug.cgi?id=22887
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
Common Vulnerability Exposure (CVE) ID: CVE-2018-7643
BugTraq ID: 103264
http://www.securityfocus.com/bid/103264
https://sourceware.org/bugzilla/show_bug.cgi?id=22905
Common Vulnerability Exposure (CVE) ID: CVE-2018-8945
https://sourceware.org/bugzilla/show_bug.cgi?id=22809
https://usn.ubuntu.com/4336-1/
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
