Amazon: ALAS-2024-2401
History: Jan 03, 2024 - 9:04 p.m.

Medium: binutils

Published: 2024-01-03 21:04:00
Source: alas.aws.amazon.com

AI Score: 6.7 Medium (confidence: High)

EPSS: 0.0005 Low (percentile: 16.6%)

Issue Overview:

A memory consumption issue in the get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via a crafted command. (CVE-2020-19724)

Heap-based buffer overflow in function bfd_getl32 in Binutils objdump 3.37. (CVE-2021-46174)

An issue was discovered in Binutils readelf 2.38.50: a reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. (CVE-2022-35205)

An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47007)

An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47008)

An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47010)

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt in dwarf2.c. An attacker could supply a crafted ELF file and cause a denial of service. (CVE-2022-48064)

Potential heap-based buffer overflow found in _bfd_elf_slurp_version_tables() in bfd/elf.c. (CVE-2023-1972)

Affected Packages:

binutils

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update binutils to update your system.

New Packages:

aarch64:
    binutils-2.29.1-31.amzn2.0.1.aarch64
    binutils-devel-2.29.1-31.amzn2.0.1.aarch64
    binutils-debuginfo-2.29.1-31.amzn2.0.1.aarch64

i686:
    binutils-2.29.1-31.amzn2.0.1.i686
    binutils-devel-2.29.1-31.amzn2.0.1.i686
    binutils-debuginfo-2.29.1-31.amzn2.0.1.i686

src:
    binutils-2.29.1-31.amzn2.0.1.src

x86_64:
    binutils-2.29.1-31.amzn2.0.1.x86_64
    binutils-devel-2.29.1-31.amzn2.0.1.x86_64
    binutils-debuginfo-2.29.1-31.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2020-19724, CVE-2021-46174, CVE-2022-35205, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-48064, CVE-2023-1972

Mitre: CVE-2020-19724, CVE-2021-46174, CVE-2022-35205, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-48064, CVE-2023-1972