
Test ID:1.3.6.1.4.1.25623.1.1.4.2019.2779.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:2779-1)
Summary:The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2019:2779-1 advisory.
Description:

Vulnerability Insight:
This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:
CVE-2018-17358: Fixed invalid memory access in
_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)

CVE-2018-17359: Fixed an invalid memory access in bfd_zalloc in
opncls.c (bsc#1109413)

CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in
libbfd.c (bsc#1109414)

CVE-2018-17985: Fixed a stack consumption problem caused by the
cplus_demangle_type (bsc#1116827)

CVE-2018-18309: Fixed an invalid memory address dereference in
read_reloc in reloc.c (bsc#1111996)

CVE-2018-18483: Fixed get_count function provided by libiberty that
allowed attackers to cause a denial of service or other unspecified
impact (bsc#1112535)

CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions
provided by libiberty, caused by recursive stack frames (bsc#1112534)

CVE-2018-18605: Fixed a heap-based buffer over-read in the function
sec_merge_hash_lookup, causing a denial of service (bsc#1113255)

CVE-2018-18606: Fixed a NULL pointer dereference in
_bfd_add_merge_section when attempting to merge sections with large
alignments, causing denial of service (bsc#1113252)

CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd
when used for finding STT_TLS symbols without any TLS section, causing
denial of service (bsc#1113247)

CVE-2018-19931: Fixed a heap-based buffer overflow in
bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)

CVE-2018-19932: Fixed an integer overflow and infinite loop caused by
the IS_CONTAINED_BY_LMA (bsc#1118830)

CVE-2018-20623: Fixed a use-after-free in the error function in
elfcomm.c (bsc#1121035)

CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference
in elf_link_add_object_symbols in elflink.c (bsc#1121034)

CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based
buffer overflow in load_specific_debug_section in objdump.c
(bsc#1121056)

CVE-2018-1000876: Fixed integer overflow in
bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc in
objdump (bsc#1120640)

CVE-2019-1010180: Fixed an out-of-bounds memory access that could lead to
crashes (bsc#1142772)

Enable xtensa architecture (Tensilica lc6 and related)

Use -ffat-lto-objects in order to provide assembly for static libs
(bsc#1141913).

Fixed some LTO build issues (bsc#1133131 bsc#1133232).

riscv: Don't check ABI flags if no code section

Fixed a segfault in ld when building some versions of pacemaker
(bsc#1154025, bsc#1154016).

Add avr, epiphany and rx to target_list so that the common binutils can
handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:
The binutils now support the C-SKY processor series.

The x86 assembler now supports a -mvexwig=[01] option to control
encod... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'binutils' package(s) on SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-6323
BugTraq ID: 102821
http://www.securityfocus.com/bid/102821
https://www.exploit-db.com/exploits/44035/
SuSE Security Announcement: openSUSE-SU-2019:2415
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2432
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-6543
BugTraq ID: 102985
http://www.securityfocus.com/bid/102985
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22769
Common Vulnerability Exposure (CVE) ID: CVE-2018-6759
BugTraq ID: 103030
http://www.securityfocus.com/bid/103030
Common Vulnerability Exposure (CVE) ID: CVE-2018-6872
BugTraq ID: 103103
http://www.securityfocus.com/bid/103103
Common Vulnerability Exposure (CVE) ID: CVE-2018-7208
BugTraq ID: 103077
http://www.securityfocus.com/bid/103077
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2018:3032
https://access.redhat.com/errata/RHSA-2018:3032
Common Vulnerability Exposure (CVE) ID: CVE-2018-7568
https://sourceware.org/bugzilla/show_bug.cgi?id=22894
Common Vulnerability Exposure (CVE) ID: CVE-2018-7569
https://sourceware.org/bugzilla/show_bug.cgi?id=22895
Common Vulnerability Exposure (CVE) ID: CVE-2018-7570
https://sourceware.org/bugzilla/show_bug.cgi?id=22881
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
Common Vulnerability Exposure (CVE) ID: CVE-2018-7642
https://sourceware.org/bugzilla/show_bug.cgi?id=22887
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
Common Vulnerability Exposure (CVE) ID: CVE-2018-7643
BugTraq ID: 103264
http://www.securityfocus.com/bid/103264
https://sourceware.org/bugzilla/show_bug.cgi?id=22905
Common Vulnerability Exposure (CVE) ID: CVE-2018-8945
https://sourceware.org/bugzilla/show_bug.cgi?id=22809
https://usn.ubuntu.com/4336-1/
Copyright:Copyright (C) 2021 Greenbone Networks GmbH
