Test ID: | 1.3.6.1.4.1.25623.1.1.4.2019.2780.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2019:2780-1) |
Summary: | The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2019:2780-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2019:2780-1 advisory.

Vulnerability Insight: This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:

- CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
- CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)
- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
- CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)
- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
- CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
- CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
- CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
- CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
- CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
- CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
- CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
- CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
- CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
- CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

Other changes:

- enable xtensa architecture (Tensilica lc6 and related)
- Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).
- Fixed some LTO build issues (bsc#1133131 bsc#1133232).
- riscv: Don't check ABI flags if no code section
- Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).
- Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:

- The binutils now support for the C-SKY processor series.
- The x86 assembler now supports a -mvexwig=[0 ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'binutils' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Packagehub Subpackages 15.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-6323
- BugTraq ID: 102821
- http://www.securityfocus.com/bid/102821
- https://www.exploit-db.com/exploits/44035/
- SuSE Security Announcement: openSUSE-SU-2019:2415
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
- SuSE Security Announcement: openSUSE-SU-2019:2432
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

Common Vulnerability Exposure (CVE) ID: CVE-2018-6543
- BugTraq ID: 102985
- http://www.securityfocus.com/bid/102985
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22769

Common Vulnerability Exposure (CVE) ID: CVE-2018-6759
- BugTraq ID: 103030
- http://www.securityfocus.com/bid/103030

Common Vulnerability Exposure (CVE) ID: CVE-2018-6872
- BugTraq ID: 103103
- http://www.securityfocus.com/bid/103103

Common Vulnerability Exposure (CVE) ID: CVE-2018-7208
- BugTraq ID: 103077
- http://www.securityfocus.com/bid/103077
- RedHat Security Advisories: RHBA-2019:0327
- https://access.redhat.com/errata/RHBA-2019:0327
- RedHat Security Advisories: RHSA-2018:3032
- https://access.redhat.com/errata/RHSA-2018:3032

Common Vulnerability Exposure (CVE) ID: CVE-2018-7568
- https://sourceware.org/bugzilla/show_bug.cgi?id=22894

Common Vulnerability Exposure (CVE) ID: CVE-2018-7569
- https://sourceware.org/bugzilla/show_bug.cgi?id=22895

Common Vulnerability Exposure (CVE) ID: CVE-2018-7570
- https://sourceware.org/bugzilla/show_bug.cgi?id=22881
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d

Common Vulnerability Exposure (CVE) ID: CVE-2018-7642
- https://sourceware.org/bugzilla/show_bug.cgi?id=22887
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25

Common Vulnerability Exposure (CVE) ID: CVE-2018-7643
- BugTraq ID: 103264
- http://www.securityfocus.com/bid/103264
- https://sourceware.org/bugzilla/show_bug.cgi?id=22905

Common Vulnerability Exposure (CVE) ID: CVE-2018-8945
- https://sourceware.org/bugzilla/show_bug.cgi?id=22809
- https://usn.ubuntu.com/4336-1/ |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |