You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Binutils

Sigurnosni nedostaci programskog paketa Binutils

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LGE

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201908-01
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Binutils: Multiple vulnerabilities
Date: August 03, 2019
Bugs: #672904, #672910, #674668, #682698, #682702
ID: 201908-01

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 sys-devel/binutils < 2.32-r1 >= 2.32-r1

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to compile/execute a specially
crafted ELF, object, PE, or binary file, could possibly cause a Denial
of Service condition or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=sys-devel/binutils-2.32-r1”

References
==========

[ 1 ] CVE-2018-10372
https://nvd.nist.gov/vuln/detail/CVE-2018-10372
[ 2 ] CVE-2018-10373
https://nvd.nist.gov/vuln/detail/CVE-2018-10373
[ 3 ] CVE-2018-10534
https://nvd.nist.gov/vuln/detail/CVE-2018-10534
[ 4 ] CVE-2018-10535
https://nvd.nist.gov/vuln/detail/CVE-2018-10535
[ 5 ] CVE-2018-12641
https://nvd.nist.gov/vuln/detail/CVE-2018-12641
[ 6 ] CVE-2018-12697
https://nvd.nist.gov/vuln/detail/CVE-2018-12697
[ 7 ] CVE-2018-12698
https://nvd.nist.gov/vuln/detail/CVE-2018-12698
[ 8 ] CVE-2018-12699
https://nvd.nist.gov/vuln/detail/CVE-2018-12699
[ 9 ] CVE-2018-12700
https://nvd.nist.gov/vuln/detail/CVE-2018-12700
[ 10 ] CVE-2018-13033
https://nvd.nist.gov/vuln/detail/CVE-2018-13033
[ 11 ] CVE-2018-19931
https://nvd.nist.gov/vuln/detail/CVE-2018-19931
[ 12 ] CVE-2018-19932
https://nvd.nist.gov/vuln/detail/CVE-2018-19932
[ 13 ] CVE-2018-20002
https://nvd.nist.gov/vuln/detail/CVE-2018-20002
[ 14 ] CVE-2018-20651
https://nvd.nist.gov/vuln/detail/CVE-2018-20651

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
—–BEGIN PGP SIGNATURE—–

iQEzBAABCAAdFiEEDA48qNrrn8VVVcst4yp5f7HQy3AFAl1Fbq8ACgkQ4yp5f7HQ
y3AdDgf/ZMQYHW38fEBDBQ9Oitaf3EmxmGtJ8wvaBKpCvERTnhDN0E0GJ2sD/ClG
pzyaAE+xl8GwpCZk0uIVACbUYg26+9JLLzy0Q/f2D8T+VwMbrStoXboN9MfxKuFj
YPhHK/F/+CFsV/9CAzTLU388zAMm5zfP7quqOSYNSyxqwGk/d5nNxasvBAB7sTUU
6h8eaYwpL+xeclAfqLP8N1/aj6qR1FR/k0EWp8WgD3IuDVvZrEpP2I+DhCKS4Nzg
smj+sAVT5u2HBzNCent8Kvdkid9V+6cS9tTUtJLZDiwXrPybTGB5jfxrKYSztVBL
bmSEhQz2U8tEeeCxKkqBtdtTvB7p0g==
=9sRG
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke glib2.0

Otkriven je sigurnosni nedostatak programske biblioteke glib2.0 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close