Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE Leap 15.0: 2019:2415-1 Moderate: binutils Security Issues

opensuse
Calendar Grey October 30, 2019
Dist Opensuse Esm H88
openSUSE Security Update: Security update for binutils _____________________________________________
An update that fixes 28 vulnerabilities is now available.

Description

This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:

- CVE-2018-17358: Fixed invalid memory access in

_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)

- CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in

opncls.c (bsc#1109413)

- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in

libbfd.c (bsc#1109414)

- CVE-2018-17985: Fixed a stack consumption problem caused by the

cplus_demangle_type (bsc#1116827)

- CVE-2018-18309: Fixed an invalid memory address dereference was

discovered in read_reloc in reloc.c (bsc#1111996)

- CVE-2018-18483: Fixed get_count function provided by libiberty that

allowed attackers to cause a denial of service or other unspecified

impact (bsc#1112535)

- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions

provided by libiberty, caused by...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2415=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

binutils-2.32-lp150.10.1

binutils-debuginfo-2.32-lp150.10.1

binutils-debugsource-2.32-lp150.10.1

binutils-devel-2.32-lp150.10.1

binutils-gold-2.32-lp150.10.1

binutils-gold-debuginfo-2.32-lp150.10.1

- openSUSE Leap 15.0 (x86_64):

binutils-devel-32bit-2.32-lp150.10.1

References

https://www.suse.com/security/cve/CVE-2018-1000876.html

https://www.suse.com/security/cve/CVE-2018-17358.html

https://www.suse.com/security/cve/CVE-2018-17359.html

https://www.suse.com/security/cve/CVE-2018-17360.html

https://www.suse.com/security/cve/CVE-2018-17985.html

https://www.suse.com/security/cve/CVE-2018-18309.html

https://www.suse.com/security/cve/CVE-2018-18483.html

https://www.suse.com/security/cve/CVE-2018-18484.html

https://www.suse.com/security/cve/CVE-2018-18605.html

https://www.suse.com/security/cve/CVE-2018-18606.html

https://www.suse.com/security/cve/CVE-2018-18607.html

https://www.suse.com/security/cve/CVE-2018-19931.html

https://www.suse.com/security/cve/CVE-2018-19932.html

https://www.suse.com/security/cve/CVE-2018-20623.html

https://www.suse.com/security/cve/CVE-2018-20651.html

https://www.suse.com/security/cve/CVE-2018-20671.html

https://www.suse.com/security/cve/CVE-2018-6323.html

https://www.suse.com/security/cve/CVE-2018-6543.html

https://www.suse.com/security/cve/CVE-2018-675...

Read the Full Advisory

Announcement ID: openSUSE-SU-2019:2415-1
Rating: moderate
Affected Products: openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.