Detections
Analytics
Oracle Linux 7 : binutils (ELSA-2015-2079)
high Nessus Plugin ID 87018
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2079 advisory.[2.23.52.0.1-55]
- Add missing delta to patch that fixes parsing corrupted archives.
(#1162666)
[2.23.52.0.1-54]
- Import patch for PR 18270: Create AArch64 GOT entries for local symbols.
(#1238783)
[2.23.52.0.1-51]
- Fix incorrectly generated binaries and DSOs on PPC platforms.
(#1247126)
[2.23.52.0.1-50]
- Fix memory corruption parsing corrupt archives.
(#1162666)
[2.23.52.0.1-49]
- Fix directory traversal vulnerability.
(#1162655)
[2.23.52.0.1-48]
- Fix stack overflow in SREC parser.
(#1162621)
[2.23.52.0.1-47]
- Fix stack overflow whilst parsing a corrupt iHex file.
(#1162607)
[2.23.52.0.1-46]
- Fix out of bounds memory accesses when parsing corrupt PE binaries.
(#1162594, #1162570)
[2.23.52.0.1-45]
- Change strings program to default to -a. Fix problems parsing files containg corrupt ELF group sections. (#1157276)
[2.23.52.0.1-44]
- Avoid reading beyond function boundary when disassembling.
(#1060282)
- For binary ouput, we don't have an ELF bfd output so can't access elf_elfheader. (#1226864)
[2.23.52.0.1-43]
- Don't discard stap probe note sections on aarch64 (#1225091)
[2.23.52.0.1-42]
- Clamp maxpagesize at 1 (rather than 0) to avoid segfaults in the linker when passed a bogus max-page-size argument.
(#1203449)
[2.23.52.0.1-41]
- Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent uninitialized accesses elsewhere. (#1172766)
[2.23.52.0.1-40]
- Minor testsuite adjustments for PPC changes in -38/-39.
(#1183838) Fix md_assemble for PPC to handle arithmetic involving the TOC better. (#1183838)
[2.23.52.0.1-39]
- Fix ppc64: segv in libbfd (#1172766).
[2.23.52.0.1-38]
- Unconditionally apply ppc64le patches (#1183838).
[2.23.52.0.1-37]
- Andreas's backport of z13 and dependent fixes for s390, including tesetcase fix from Apr 27, 2015. (#1182153)
[2.23.52.0.1-35]
- Fixup testsuite for AArch64 (#1182111)
- Add support for @localentry for LE PPC64 (#1194164)
[2.23.52.0.1-34]
- Do not install windmc(1) man page (#850832)
[2.23.52.0.1-33]
- Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE (#872148)
- Enable relro by default for arm and aarch64 (#1203449)
- Backport 3 RELRO improvements for ppc64/ppc64le from upstream (#1175624)
[2.23.52.0.1-31]
- Backport upstream RELRO fixes. (#1200138)
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected binutils and / or binutils-devel packages.See Also
Plugin Details
Severity: High
ID: 87018
File Name: oraclelinux_ELSA-2015-2079.nasl
Version: 1.10
Type: local
Agent: unix
Published: 11/24/2015
Updated: 10/22/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2014-8504
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:binutils-devel, p-cpe:/a:oracle:linux:binutils, cpe:/o:oracle:linux:7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Ease: No known exploits are available
Patch Publication Date: 11/23/2015
Vulnerability Publication Date: 12/9/2014
Reference Information
CVE: CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738
RHSA: 2015:2079