openSUSE Security Update : binutils (openSUSE-2019-2415)

high Nessus Plugin ID 130420

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for binutils fixes the following issues :

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes :

- CVE-2018-17358: Fixed invalid memory access in
_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)

- CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)

- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)

- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)

- CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)

- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)

- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)

- CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)

- CVE-2018-18606: Fixed a NULL pointer dereference in
_bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)

- CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)

- CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)

- CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)

- CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)

- CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)

- CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)

- CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynam ic_reloc in objdump (bsc#1120640)

- CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

- enable xtensa architecture (Tensilica lc6 and related)

- Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).

- Fixed some LTO build issues (bsc#1133131 bsc#1133232).

- riscv: Don't check ABI flags if no code section

- Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).

- Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32 :

- The binutils now support for the C-SKY processor series.

- The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes.

- The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE.

- The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary.

- Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly.
Disassembly will continue from this symbol up to the next symbol or the end of the function.

- The BFD linker will now report property change in linker map file when merging GNU properties.

- The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report.

- The GOLD linker has improved warning messages for relocations that refer to discarded sections.

- Improve relro support on s390 [fate#326356]

- Fix broken debug symbols (bsc#1118644)

- Handle ELF compressed header alignment correctly.

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected binutils packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1109412

https://bugzilla.opensuse.org/show_bug.cgi?id=1109413

https://bugzilla.opensuse.org/show_bug.cgi?id=1109414

https://bugzilla.opensuse.org/show_bug.cgi?id=1111996

https://bugzilla.opensuse.org/show_bug.cgi?id=1112534

https://bugzilla.opensuse.org/show_bug.cgi?id=1112535

https://bugzilla.opensuse.org/show_bug.cgi?id=1113247

https://bugzilla.opensuse.org/show_bug.cgi?id=1113252

https://bugzilla.opensuse.org/show_bug.cgi?id=1113255

https://bugzilla.opensuse.org/show_bug.cgi?id=1116827

https://bugzilla.opensuse.org/show_bug.cgi?id=1118644

https://bugzilla.opensuse.org/show_bug.cgi?id=1118830

https://bugzilla.opensuse.org/show_bug.cgi?id=1118831

https://bugzilla.opensuse.org/show_bug.cgi?id=1120640

https://bugzilla.opensuse.org/show_bug.cgi?id=1121034

https://bugzilla.opensuse.org/show_bug.cgi?id=1121035

https://bugzilla.opensuse.org/show_bug.cgi?id=1121056

https://bugzilla.opensuse.org/show_bug.cgi?id=1133131

https://bugzilla.opensuse.org/show_bug.cgi?id=1133232

https://bugzilla.opensuse.org/show_bug.cgi?id=1141913

https://bugzilla.opensuse.org/show_bug.cgi?id=1142772

https://bugzilla.opensuse.org/show_bug.cgi?id=1152590

https://bugzilla.opensuse.org/show_bug.cgi?id=1154016

https://bugzilla.opensuse.org/show_bug.cgi?id=1154025

https://features.opensuse.org/326356

Plugin Details

Severity: High

ID: 130420

File Name: openSUSE-2019-2415.nasl

Version: 1.4

Type: local

Agent: unix

Published: 10/31/2019

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-1010180

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:binutils, p-cpe:/a:novell:opensuse:binutils-debuginfo, p-cpe:/a:novell:opensuse:binutils-debugsource, p-cpe:/a:novell:opensuse:binutils-devel, p-cpe:/a:novell:opensuse:binutils-devel-32bit, p-cpe:/a:novell:opensuse:binutils-gold, p-cpe:/a:novell:opensuse:binutils-gold-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2019

Vulnerability Publication Date: 1/26/2018

Reference Information

CVE: CVE-2018-1000876, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-19931, CVE-2018-19932, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-6323, CVE-2018-6543, CVE-2018-6759, CVE-2018-6872, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7642, CVE-2018-7643, CVE-2018-8945, CVE-2019-1010180