Red Hat 7: RHSA-2023-3269-01 Moderate: Devtoolset-12-Binutils Security Fix
red hat
May 24, 2023
An update for devtoolset-12-binutils is now available for Red Hat Software Collections
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the
ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings,
strip, and addr2line utilities.
Security Fix(es):
* binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string
leads to segfault (CVE-2022-4285)
* libiberty: Heap/stack buffer overflow in the dlang_lname function in
d-demangle.c (CVE-2021-3826)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2021-3826 https://access.redhat.com/security/cve/CVE-2022-4285 https://access.redhat.com/security/updates/classification#moderate
Package List
Red Hat Software Collections for RHEL Workstation(v. 7):
Source:
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
ppc64:
devtoolset-12-binutils-2.36.1-6.el7.ppc64.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64.rpm
ppc64le:
devtoolset-12-binutils-2.36.1-6.el7.ppc64le.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64le.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64le.rpm
s390x:
devtoolset-12-binutils-2.36.1-6.el7.s390x.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.s390x.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.s390x.rpm
x86_64:
devtoolset-12-binutils-2.36.1-6.el7.i686.rpm
devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm
Red Hat Software Collections for RHEL(v. 7):
Source:
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
x86_64:
devtoolset-12-binutils-2.36.1-6.el7.i686.rpm
devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm
devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm
Read the Full Advisory
PREVIOUS
NEXT
Advisory ID: RHSA-2023:3269-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3269
Issue date: 2023-05-23
Topic
An update for devtoolset-12-binutils is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Software Collections for RHEL Workstation(v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for RHEL(v. 7) - x86_64
Bugs Fixed
2122627 - CVE-2021-3826 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!