Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE 2022:4146-1 Moderate: Binutils Buffer Overflow Threat

suse
Calendar Grey November 21, 2022
Dist Suse Esm H88
SUSE updates fix multiple binutils vulnerabilities, including buffer and heap overflows. Stay secure!
An update that solves 10 vulnerabilities, contains 10 features and has three fixes is now available

Summary

This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).

Topics%20covered

Topics Covered

security advisory moderate buffer overflow security fix heap overflow SUSE binutils

References

#1142579 #1185597 #1185712 #1188374 #1191473

#1193929 #1194783 #1197592 #1198237 #1202816

#1202966 #1202967 #1202969 PED-2029 PED-2030

PED-2031 PED-2032 PED-2033 PED-2034 PED-2035

PED-2038 SLE-25046 SLE-25047

Cross- CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648

CVE-2021-3826 CVE-2021-45078 CVE-2021-46195

CVE-2022-27943 CVE-2022-38126 CVE-2022-38127

CVE-2022-38533

CVSS scores:

CVE-2019-1010204 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2019-1010204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2021-3530 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3530 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2021-3648 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4146-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate buffer overflow security fix heap overflow SUSE binutils

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here