Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: 2018:3207-1 Moderate: Binutils Denial of Service Issues Fixed

suse
Calendar Grey October 17, 2018
Dist Suse Esm H88
SUSE Security Patch for binutils fixes various vulnerabilities and improves overall system security. Keep updated with essential security enhancements.
An update that solves 52 vulnerabilities and has two fixes is now available

Summary

This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable

References

#1029907 #1029908 #1029909 #1030296 #1030297

#1030298 #1030584 #1030585 #1030588 #1030589

#1031590 #1031593 #1031595 #1031638 #1031644

#1031656 #1037052 #1037057 #1037061 #1037066

#1037273 #1044891 #1044897 #1044901 #1044909

#1044925 #1044927 #1065643 #1065689 #1065693

#1068640 #1068643 #1068887 #1068888 #1068950

#1069176 #1069202 #1074741 #1077745 #1079103

#1079741 #1080556 #1081527 #1083528 #1083532

#1085784 #1086608 #1086784 #1086786 #1086788

#1090997 #1091015 #1091365 #1091368

Cross- CVE-2014-9939 CVE-2017-15938 CVE-2017-15939

CVE-2017-15996 CVE-2017-16826 CVE-2017-16827

CVE-2017-16828 CVE-2017-16829 CVE-2017-16830

CVE-2017-16831 CVE-2017-16832 CVE-2017-6965

CVE-2017-6966 CVE-2017-6969 CVE-2017-7209

...

Read the Full Advisory

Announcement ID: SUSE-SU-2018:3207-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.