Mageia 7: 2020-0112 Moderate: Binutils Buffer Overflow and DoS

March 6, 2020
Summary

This update provides binutils 2.33.1 and fixes at least the following security issues:
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow (CVE-2019-14250).
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file (CVE-2019-17450).
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm (CVE-2019-17451).
GNU binutils gold linker is affected by Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: D...
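
A pre-parse check for the condition named in CVE-2019-14250 above, as an added example (not code from binutils or from the Mageia advisory): it reads the ELF header and reports a zero `e_shstrndx` before the file reaches a section-parsing tool. The function and enum names are illustrative, and the out-of-range check goes beyond what the advisory describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum elf_check { ELF_OK = 0, ELF_NOT_ELF, ELF_TRUNCATED,
                 ELF_ZERO_SHSTRNDX, ELF_BAD_SHSTRNDX };

/* Read an n-byte unsigned integer in the file's own byte order. */
static uint64_t rd(const unsigned char *p, size_t n, int big_endian)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[big_endian ? i : n - 1 - i];
    return v;
}

/* Validate the section-name string table index (e_shstrndx) of an
   ELF32 or ELF64 header held in buf[0..len). */
enum elf_check check_shstrndx(const unsigned char *buf, size_t len)
{
    if (len < 16 || memcmp(buf, "\177ELF", 4) != 0)
        return ELF_NOT_ELF;
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2))
        return ELF_NOT_ELF;             /* unknown EI_CLASS or EI_DATA */
    int is64 = buf[4] == 2;             /* EI_CLASS: 1 = ELF32, 2 = ELF64 */
    int be = buf[5] == 2;               /* EI_DATA: 1 = LSB, 2 = MSB */
    if (len < (size_t)(is64 ? 64 : 52))
        return ELF_TRUNCATED;
    uint64_t shnum = rd(buf + (is64 ? 60 : 48), 2, be);
    uint64_t shstrndx = rd(buf + (is64 ? 62 : 50), 2, be);
    /* Zero is the value the advisory says was not checked. */
    if (shstrndx == 0)
        return ELF_ZERO_SHSTRNDX;
    /* 0xffff (SHN_XINDEX): real index lives in section 0; shnum == 0: real
       count lives in section 0. Neither can be range-checked from here. */
    if (shstrndx != 0xffff && shnum != 0 && shstrndx >= shnum)
        return ELF_BAD_SHSTRNDX;
    return ELF_OK;
}

int main(void)
{
    /* Constructed sample: ELF64 little-endian header, 5 sections, index 0. */
    unsigned char hdr[64] = { 0x7f, 'E', 'L', 'F', 2, 1, 1 };
    hdr[60] = 5;
    printf("check_shstrndx -> %d\n", check_shstrndx(hdr, sizeof hdr));
    return 0;
}
```

A file with no section name string table also carries a zero index, so a flagged file is one to keep away from an unpatched binutils rather than proof of tampering.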

References

- https://bugs.mageia.org/show_bug.cgi?id=25298

- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=binutils/NEWS;hb=refs/tags/binutils-2_33_1

- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gas/NEWS;hb=refs/tags/binutils-2_33_1

- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=ld/NEWS;hb=refs/tags/binutils-2_33_1

- https://www.cve.org/CVERecord?id=CVE-2019-14250

- https://www.cve.org/CVERecord?id=CVE-2019-17450

- https://www.cve.org/CVERecord?id=CVE-2019-17451

- https://www.cve.org/CVERecord?id=CVE-2019-1010204

Resolution

SRPMS

- 7/core/binutils-2.33.1-1.mga7

Severity
important

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0112.html
Type: security
CVE: CVE-2019-14250, CVE-2019-17450, CVE-2019-17451, CVE-2019-1010204
