Oracle Linux 7 : binutils (ELSA-2015-2079)

high Nessus Plugin ID 87018

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2079 advisory.

[2.23.52.0.1-55]
- Add missing delta to patch that fixes parsing corrupted archives. (#1162666)

[2.23.52.0.1-54]
- Import patch for PR 18270: Create AArch64 GOT entries for local symbols. (#1238783)

[2.23.52.0.1-51]
- Fix incorrectly generated binaries and DSOs on PPC platforms. (#1247126)

[2.23.52.0.1-50]
- Fix memory corruption parsing corrupt archives. (#1162666)

[2.23.52.0.1-49]
- Fix directory traversal vulnerability. (#1162655)

[2.23.52.0.1-48]
- Fix stack overflow in SREC parser. (#1162621)

[2.23.52.0.1-47]
- Fix stack overflow whilst parsing a corrupt iHex file. (#1162607)

[2.23.52.0.1-46]
- Fix out of bounds memory accesses when parsing corrupt PE binaries. (#1162594, #1162570)

[2.23.52.0.1-45]
- Change strings program to default to -a. Fix problems parsing files containing corrupt ELF group sections. (#1157276)

[2.23.52.0.1-44]
- Avoid reading beyond function boundary when disassembling. (#1060282)

- For binary output, we don't have an ELF bfd output so can't access elf_elfheader. (#1226864)

[2.23.52.0.1-43]
- Don't discard stap probe note sections on aarch64 (#1225091)

[2.23.52.0.1-42]
- Clamp maxpagesize at 1 (rather than 0) to avoid segfaults in the linker when passed a bogus max-page-size argument. (#1203449)

[2.23.52.0.1-41]
- Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent uninitialized accesses elsewhere. (#1172766)

[2.23.52.0.1-40]
- Minor testsuite adjustments for PPC changes in -38/-39. (#1183838)
- Fix md_assemble for PPC to handle arithmetic involving the TOC better. (#1183838)

[2.23.52.0.1-39]
- Fix ppc64: segv in libbfd (#1172766).

[2.23.52.0.1-38]
- Unconditionally apply ppc64le patches (#1183838).

[2.23.52.0.1-37]
- Andreas's backport of z13 and dependent fixes for s390, including testcase fix from Apr 27, 2015. (#1182153)

[2.23.52.0.1-35]
- Fixup testsuite for AArch64 (#1182111)
- Add support for @localentry for LE PPC64 (#1194164)

[2.23.52.0.1-34]
- Do not install windmc(1) man page (#850832)

[2.23.52.0.1-33]
- Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE (#872148)
- Enable relro by default for arm and aarch64 (#1203449)
- Backport 3 RELRO improvements for ppc64/ppc64le from upstream (#1175624)

[2.23.52.0.1-31]
- Backport upstream RELRO fixes. (#1200138)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils and / or binutils-devel packages.

See Also

https://linux.oracle.com/errata/ELSA-2015-2079.html

Plugin Details

Severity: High

ID: 87018

File Name: oraclelinux_ELSA-2015-2079.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/24/2015

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-8504

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:binutils-devel, p-cpe:/a:oracle:linux:binutils, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/23/2015

Vulnerability Publication Date: 12/9/2014

Reference Information

CVE: CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738

RHSA: 2015:2079