Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

SUSE Linux 15: 2018:3170-1 Moderate: Binutils Denial Of Service Issues

suse
Calendar Grey October 16, 2018
Dist Suse Esm H88
SUSE unveiled a patch for binutils that resolves 25 vulnerabilities, notably several denial of service concerns.
An update that solves 25 vulnerabilities and has two fixes is now available

Summary

This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable

References

#1065643 #1065689 #1065693 #1068640 #1068643

#1068887 #1068888 #1068950 #1069176 #1069202

#1075418 #1077745 #1079103 #1079741 #1080556

#1081527 #1083528 #1083532 #1085784 #1086608

#1086784 #1086786 #1086788 #1090997 #1091015

#1091365 #1091368

Cross- CVE-2017-15938 CVE-2017-15939 CVE-2017-15996

CVE-2017-16826 CVE-2017-16827 CVE-2017-16828

CVE-2017-16829 CVE-2017-16830 CVE-2017-16831

CVE-2017-16832 CVE-2018-10372 CVE-2018-10373

CVE-2018-10534 CVE-2018-10535 CVE-2018-6323

CVE-2018-6543 CVE-2018-6759 CVE-2018-6872

CVE-2018-7208 CVE-2018-7568 CVE-2018-7569

CVE-2018-7570 CVE-2018-7642 CVE-2018-7643

CVE-2018-8945

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux...

Read the Full Advisory

Announcement ID: SUSE-SU-2018:3170-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.