SUSE: 2022:4146-1 moderate: binutils
Summary
This update for binutils fixes the following issues:
The following security bugs were fixed:
- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h
(bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in
rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols
(bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname
function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type()
in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in
libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in
(bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names()
function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the
read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32
(bsc#1202816).
The following non-security bugs were fixed:
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
* The ELF linker will now generate a warning message if the stack is
made executable. Similarly it will warn if the output binary contains
a segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions. The warnings are enabled by default but can be
disabled via a command line option. It is also possible to build a
linker with the warnings disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance with the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=
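The executable-stack and read/write/execute segment conditions that the 2.39 linker warns about can also be checked on binaries that are already built, by reading the ELF program headers. The following is an added example, not part of the advisory or of binutils; the function names segment_findings and build_sample are hypothetical, and the sample images are constructed inline.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
RWX = PF_R | PF_W | PF_X

def segment_findings(elf):
    """Return 'exec-stack' / 'rwx-load:<index>' for each risky program header."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"      # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    findings = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + phentsize > len(elf):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(end + "I", elf, off)
        # p_flags follows p_type in Elf64_Phdr but sits at offset 24 in Elf32_Phdr
        (p_flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK and p_flags & PF_X:
            findings.append("exec-stack")
        if p_type == PT_LOAD and (p_flags & RWX) == RWX:
            findings.append(f"rwx-load:{i}")
    return findings

def build_sample(segments):
    """Constructed input: bare ELF64 little-endian header plus (p_type, p_flags) phdrs."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                        len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x1000)
                     for t, f in segments)
    return ehdr + phdrs

if __name__ == "__main__":
    weak = build_sample([(PT_LOAD, RWX), (PT_GNU_STACK, RWX)])
    hardened = build_sample([(PT_LOAD, PF_R | PF_X), (PT_LOAD, PF_R | PF_W),
                             (PT_GNU_STACK, PF_R | PF_W)])
    print(segment_findings(weak), segment_findings(hardened))
```

To audit a real file, pass its contents: segment_findings(open(path, "rb").read()).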
References: #1142579 #1185597 #1185712 #1188374 #1191473
#1193929 #1194783 #1197592 #1198237 #1202816
#1202966 #1202967 #1202969 PED-2029 PED-2030
PED-2031 PED-2032 PED-2033 PED-2034 PED-2035
PED-2038 SLE-25046 SLE-25047
Cross-References: CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648
CVE-2021-3826 CVE-2021-45078 CVE-2021-46195
CVE-2022-27943 CVE-2022-38126 CVE-2022-38127
CVE-2022-38533
CVSS scores:
CVE-2019-1010204 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-1010204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-3530 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3530 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3648 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3826 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3826 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2021-45078 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-45078 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-46195 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-46195 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-27943 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-27943 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-38126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-38126 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-38127 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38533 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-38533 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
https://www.suse.com/security/cve/CVE-2019-1010204.html
https://www.suse.com/security/cve/CVE-2021-3530.html
https://www.suse.com/security/cve/CVE-2021-3648.html
https://www.suse.com/security/cve/CVE-2021-3826.html
https://www.suse.com/security/cve/CVE-2021-45078.html
https://www.suse.com/security/cve/CVE-2021-46195.html
https://www.suse.com/security/cve/CVE-2022-27943.html
https://www.suse.com/security/cve/CVE-2022-38126.html
https://www.suse.com/security/cve/CVE-2022-38127.html
https://www.suse.com/security/cve/CVE-2022-38533.html
https://bugzilla.suse.com/1142579
https://bugzilla.suse.com/1185597
https://bugzilla.suse.com/1185712
https://bugzilla.suse.com/1188374
https://bugzilla.suse.com/1191473
https://bugzilla.suse.com/1193929
https://bugzilla.suse.com/1194783
https://bugzilla.suse.com/1197592
https://bugzilla.suse.com/1198237
https://bugzilla.suse.com/1202816
https://bugzilla.suse.com/1202966
https://bugzilla.suse.com/1202967
https://bugzilla.suse.com/1202969