SUSE SLES12 Security Update : binutils (SUSE-SU-2023:3695-1)

critical Nessus Plugin ID 181753

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3695-1 advisory.

- An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. (CVE-2020-19726)

- An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. (CVE-2021-32256)

- An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. (CVE-2022-35205)

- Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. (CVE-2022-35206)

- An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285)

- Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. (CVE-2022-44840)

- Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. (CVE-2022-45703)

- An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. (CVE-2022-47673)

- An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. (CVE-2022-47695)

- An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. (CVE-2022-47696)

- GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. (CVE-2022-48063)

- GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. (CVE-2022-48064)

- GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. (CVE-2022-48065)

- ** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor.
The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue.
VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. (CVE-2023-0687)

- Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. (CVE-2023-1579)

- A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972)

- A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. (CVE-2023-25585)

- A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. (CVE-2023-25588)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1200962

https://bugzilla.suse.com/1206080

https://bugzilla.suse.com/1206556

https://bugzilla.suse.com/1208037

https://bugzilla.suse.com/1208038

https://bugzilla.suse.com/1208040

https://bugzilla.suse.com/1208409

https://bugzilla.suse.com/1209642

https://bugzilla.suse.com/1210297

https://bugzilla.suse.com/1210733

https://bugzilla.suse.com/1213282

https://bugzilla.suse.com/1213458

https://bugzilla.suse.com/1214565

https://bugzilla.suse.com/1214567

https://bugzilla.suse.com/1214579

https://bugzilla.suse.com/1214580

https://bugzilla.suse.com/1214604

https://bugzilla.suse.com/1214611

https://bugzilla.suse.com/1214619

https://bugzilla.suse.com/1214620

https://bugzilla.suse.com/1214623

https://bugzilla.suse.com/1214624

https://bugzilla.suse.com/1214625

http://www.nessus.org/u?62755f3f

https://www.suse.com/security/cve/CVE-2020-19726

https://www.suse.com/security/cve/CVE-2021-32256

https://www.suse.com/security/cve/CVE-2022-35205

https://www.suse.com/security/cve/CVE-2022-35206

https://www.suse.com/security/cve/CVE-2022-4285

https://www.suse.com/security/cve/CVE-2022-44840

https://www.suse.com/security/cve/CVE-2022-45703

https://www.suse.com/security/cve/CVE-2022-47673

https://www.suse.com/security/cve/CVE-2022-47695

https://www.suse.com/security/cve/CVE-2022-47696

https://www.suse.com/security/cve/CVE-2022-48063

https://www.suse.com/security/cve/CVE-2022-48064

https://www.suse.com/security/cve/CVE-2022-48065

https://www.suse.com/security/cve/CVE-2023-0687

https://www.suse.com/security/cve/CVE-2023-1579

https://www.suse.com/security/cve/CVE-2023-1972

https://www.suse.com/security/cve/CVE-2023-2222

https://www.suse.com/security/cve/CVE-2023-25585

https://www.suse.com/security/cve/CVE-2023-25587

https://www.suse.com/security/cve/CVE-2023-25588

Plugin Details

Severity: Critical

ID: 181753

File Name: suse_SU-2023-3695-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 9/21/2023

Updated: 9/21/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2023-0687

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:binutils, p-cpe:/a:novell:suse_linux:binutils-devel, p-cpe:/a:novell:suse_linux:libctf0, p-cpe:/a:novell:suse_linux:libctf-nobfd0, p-cpe:/a:novell:suse_linux:binutils-gold

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/20/2023

Vulnerability Publication Date: 1/3/2023

Reference Information

CVE: CVE-2020-19726, CVE-2021-32256, CVE-2022-35205, CVE-2022-35206, CVE-2022-4285, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588

SuSE: SUSE-SU-2023:3695-1