ID FEDORA:BD59C60C37E5 Type fedora Reporter Fedora Modified 2014-12-06T02:40:44
Description
This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the avr platform, instead of for the native arm platform.
{"fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the avr platform, instead of for the native x86_64 platform. ", "modified": "2014-12-07T04:38:04", "published": "2014-12-07T04:38:04", "id": "FEDORA:8A9A76087BCD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: avr-binutils-2.24-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "This is a cross-compilation version of GNU Binutils, which can be used to assemble and link binaries for the arm-none-eabi platform. This Binutils package is based on the CodeSourcery 2014.05-28 release, which includes improved ARM target support compared to the corresponding FSF release. CodeSourcery contributes their changes to the FSF, but it takes a while for them to get merged. For the ARM target, effectively CodeSourcery is upstream of FSF. ", "modified": "2014-12-06T02:37:17", "published": "2014-12-06T02:37:17", "id": "FEDORA:8945860D05F6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update:\n arm-none-eabi-binutils-cs-2014.05.28-3.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "This is a cross-compilation version of GNU Binutils, which can be used to assemble and link binaries for the arm-none-eabi platform. This Binutils package is based on the CodeSourcery 2014.05-28 release, which includes improved ARM target support compared to the corresponding FSF release. CodeSourcery contributes their changes to the FSF, but it takes a while for them to get merged. For the ARM target, effectively CodeSourcery is upstream of FSF. ", "modified": "2014-12-07T04:39:43", "published": "2014-12-07T04:39:43", "id": "FEDORA:5C7356087AED", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update:\n arm-none-eabi-binutils-cs-2014.05.28-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the avr platform, instead of for the native arm platform. ", "modified": "2014-12-06T10:04:44", "published": "2014-12-06T10:04:44", "id": "FEDORA:6B7BF60CC891", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: avr-binutils-2.24-4.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "This is a cross-compilation version of GNU Binutils, which can be used to assemble and link binaries for the arm-none-eabi platform. This Binutils package is based on the CodeSourcery 2014.05-28 release, which includes improved ARM target support compared to the corresponding FSF release. CodeSourcery contributes their changes to the FSF, but it takes a while for them to get merged. For the ARM target, effectively CodeSourcery is upstream of FSF. ", "modified": "2014-12-06T10:09:21", "published": "2014-12-06T10:09:21", "id": "FEDORA:C946260BC97C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update:\n arm-none-eabi-binutils-cs-2014.05.28-3.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs. ", "modified": "2015-01-02T05:07:07", "published": "2015-01-02T05:07:07", "id": "FEDORA:ED4966087999", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-binutils-2.25-1.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs. ", "modified": "2015-01-02T05:06:02", "published": "2015-01-02T05:06:02", "id": "FEDORA:3D028608789E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-binutils-2.24-5.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504"], "description": "Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line). ", "modified": "2015-01-21T23:05:23", "published": "2015-01-21T23:05:23", "id": "FEDORA:3CA7860EFBA3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: cross-binutils-2.25-3.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8737", "CVE-2014-8738"], "description": "Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line). ", "modified": "2015-01-21T23:06:43", "published": "2015-01-21T23:06:43", "id": "FEDORA:86C2E619C1C3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: binutils-2.24-30.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:15", "description": " - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-12-07T00:00:00", "title": "Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2014-12-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-14874.NASL", "href": "https://www.tenable.com/plugins/nessus/79764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14874.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79764);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70741, 70761, 70866, 70869, 70908, 71083);\n script_xref(name:\"FEDORA\", value:\"2014-14874\");\n\n script_name(english:\"Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162666\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3aeab58f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected arm-none-eabi-binutils-cs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"arm-none-eabi-binutils-cs-2014.05.28-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arm-none-eabi-binutils-cs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:15", "description": " - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-12-06T00:00:00", "title": "Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2014-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-14833.NASL", "href": "https://www.tenable.com/plugins/nessus/79747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14833.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79747);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70741, 70761, 70866, 70869, 70908, 71083);\n script_xref(name:\"FEDORA\", value:\"2014-14833\");\n\n script_name(english:\"Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162666\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0c2f038\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected arm-none-eabi-binutils-cs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"arm-none-eabi-binutils-cs-2014.05.28-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arm-none-eabi-binutils-cs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:16", "description": " - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-12-07T00:00:00", "title": "Fedora 21 : arm-none-eabi-binutils-cs-2014.05.28-3.fc21 (2014-14888)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2014-12-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-14888.NASL", "href": "https://www.tenable.com/plugins/nessus/79765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14888.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79765);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70741, 70761, 70866, 70869, 70908, 71083);\n script_xref(name:\"FEDORA\", value:\"2014-14888\");\n\n script_name(english:\"Fedora 21 : arm-none-eabi-binutils-cs-2014.05.28-3.fc21 (2014-14888)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix directory traversal vulnerability (#1162657)\n\n - fix CVE-2014-8501: out-of-bounds write when parsing\n specially crafted PE executable\n\n - fix CVE-2014-8502: heap overflow in objdump\n\n - fix CVE-2014-8503: stack overflow in objdump when\n parsing specially crafted ihex file\n\n - fix CVE-2014-8504: stack overflow in the SREC parser\n\n - fix out of bounds memory write\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162666\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e5083da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected arm-none-eabi-binutils-cs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arm-none-eabi-binutils-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"arm-none-eabi-binutils-cs-2014.05.28-3.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arm-none-eabi-binutils-cs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:10", "description": "Upgrade to binutils-2.25 thus fixing a number of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-01-22T00:00:00", "title": "Fedora 20 : cross-binutils-2.25-3.fc20 (2015-0471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-01-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cross-binutils", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-0471.NASL", "href": "https://www.tenable.com/plugins/nessus/80894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0471.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80894);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70761, 70866, 70868, 70869);\n script_xref(name:\"FEDORA\", value:\"2015-0471\");\n\n script_name(english:\"Fedora 20 : cross-binutils-2.25-3.fc20 (2015-0471)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to binutils-2.25 thus fixing a number of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162672\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14ac5a9b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cross-binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cross-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"cross-binutils-2.25-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cross-binutils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:27", "description": "Fix various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2015-01-02T00:00:00", "title": "Fedora 21 : mingw-binutils-2.25-1.fc21 (2014-17586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:mingw-binutils"], "id": "FEDORA_2014-17586.NASL", "href": "https://www.tenable.com/plugins/nessus/80321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17586.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80321);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70761, 70866, 70868, 70869);\n script_xref(name:\"FEDORA\", value:\"2014-17586\");\n\n script_name(english:\"Fedora 21 : mingw-binutils-2.25-1.fc21 (2014-17586)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162673\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54570fec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-binutils-2.25-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-binutils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:28", "description": "Fix various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2015-01-02T00:00:00", "title": "Fedora 20 : mingw-binutils-2.24-5.fc20 (2014-17603)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:mingw-binutils"], "id": "FEDORA_2014-17603.NASL", "href": "https://www.tenable.com/plugins/nessus/80326", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17603.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80326);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70761, 70866, 70868, 70869);\n script_xref(name:\"FEDORA\", value:\"2014-17603\");\n\n script_name(english:\"Fedora 20 : mingw-binutils-2.24-5.fc20 (2014-17603)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1162673\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78190d04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-binutils-2.24-5.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-binutils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:05:28", "description": "The remote host is affected by the vulnerability described in GLSA-201612-24\n(Binutils: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Binutils. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in execution of arbitrary code with the privileges of\n the process, cause a Denial of Service condition, or overwrite arbitrary\n files.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2016-12-08T00:00:00", "title": "GLSA-201612-24 : Binutils: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:binutils", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-24.NASL", "href": "https://www.tenable.com/plugins/nessus/95640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95640);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_xref(name:\"GLSA\", value:\"201612-24\");\n\n script_name(english:\"GLSA-201612-24 : Binutils: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-24\n(Binutils: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Binutils. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in execution of arbitrary code with the privileges of\n the process, cause a Denial of Service condition, or overwrite arbitrary\n files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Binutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/binutils-2.25'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/binutils\", unaffected:make_list(\"ge 2.25\"), vulnerable:make_list(\"lt 2.25\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Binutils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:49:01", "description": "Multiple buffer overflow flaws were found in the libbdf library used\nby various binutils utilities. If a user were tricked into processing\na specially crafted file with an application using the libbdf library,\nit could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502,\nCVE-2014-8503, CVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library,\nit could cause the application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy\nutilities. A specially crafted file could cause strip or objdump to\noverwrite an arbitrary file writable by the user running either of\nthese utilities. (CVE-2014-8737)\n\nThis update fixes the following bugs :\n\n - Binary files started by the system loader could lack the\n Relocation Read-Only (RELRO) protection even though it\n was explicitly requested when the application was built.\n This bug has been fixed on multiple architectures.\n Applications and all dependent object files, archives,\n and libraries built with an alpha or beta version of\n binutils should be rebuilt to correct this defect.\n\n - The ld linker on 64-bit PowerPC now correctly checks the\n output format when asked to produce a binary in another\n format than PowerPC.\n\n - An important variable that holds the symbol table for\n the binary being debugged has been made persistent, and\n the objdump utility on 64-bit PowerPC is now able to\n access the needed information without reading an invalid\n memory region.\n\n - Undesirable runtime relocations described in\n SLBA-2015:0974.\n\nThe update adds these enhancements :\n\n - New hardware instructions of the IBM z Systems z13 are\n now supported by assembler, disassembler, and linker, as\n well as Single Instruction, Multiple Data (SIMD)\n instructions.\n\n - Expressions of the form: 'FUNC@localentry' to refer to\n the local entry point for the FUNC function (if defined)\n are now supported by the PowerPC assembler. These are\n required by the ELFv2 ABI on the little-endian variant\n of IBM Power Systems.", "edition": 15, "published": "2015-12-22T00:00:00", "title": "Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-12-22T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:binutils", "p-cpe:/a:fermilab:scientific_linux:binutils-debuginfo", "p-cpe:/a:fermilab:scientific_linux:binutils-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_BINUTILS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87550);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n\n script_name(english:\"Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflow flaws were found in the libbdf library used\nby various binutils utilities. If a user were tricked into processing\na specially crafted file with an application using the libbdf library,\nit could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502,\nCVE-2014-8503, CVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library,\nit could cause the application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy\nutilities. A specially crafted file could cause strip or objdump to\noverwrite an arbitrary file writable by the user running either of\nthese utilities. (CVE-2014-8737)\n\nThis update fixes the following bugs :\n\n - Binary files started by the system loader could lack the\n Relocation Read-Only (RELRO) protection even though it\n was explicitly requested when the application was built.\n This bug has been fixed on multiple architectures.\n Applications and all dependent object files, archives,\n and libraries built with an alpha or beta version of\n binutils should be rebuilt to correct this defect.\n\n - The ld linker on 64-bit PowerPC now correctly checks the\n output format when asked to produce a binary in another\n format than PowerPC.\n\n - An important variable that holds the symbol table for\n the binary being debugged has been made persistent, and\n the objdump utility on 64-bit PowerPC is now able to\n access the needed information without reading an invalid\n memory region.\n\n - Undesirable runtime relocations described in\n SLBA-2015:0974.\n\nThe update adds these enhancements :\n\n - New hardware instructions of the IBM z Systems z13 are\n now supported by assembler, disassembler, and linker, as\n well as Single Instruction, Multiple Data (SIMD)\n instructions.\n\n - Expressions of the form: 'FUNC@localentry' to refer to\n the local entry point for the FUNC function (if defined)\n are now supported by the PowerPC assembler. These are\n required by the ELFv2 ABI on the little-endian variant\n of IBM Power Systems.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=13035\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96b569b1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected binutils, binutils-debuginfo and / or\nbinutils-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-2.23.52.0.1-55.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.23.52.0.1-55.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-devel-2.23.52.0.1-55.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo / binutils-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:22", "description": "Updated binutils packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe binutils packages provide a set of binary utilities.\n\nMultiple buffer overflow flaws were found in the libbdf library used\nby various binutils utilities. If a user were tricked into processing\na specially crafted file with an application using the libbdf library,\nit could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502,\nCVE-2014-8503, CVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library,\nit could cause the application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy\nutilities. A specially crafted file could cause strip or objdump to\noverwrite an arbitrary file writable by the user running either of\nthese utilities. (CVE-2014-8737)\n\nThis update fixes the following bugs :\n\n* Binary files started by the system loader could lack the Relocation\nRead-Only (RELRO) protection even though it was explicitly requested\nwhen the application was built. This bug has been fixed on multiple\narchitectures. Applications and all dependent object files, archives,\nand libraries built with an alpha or beta version of binutils should\nbe rebuilt to correct this defect. (BZ#1200138, BZ#1175624)\n\n* The ld linker on 64-bit PowerPC now correctly checks the output\nformat when asked to produce a binary in another format than PowerPC.\n(BZ#1226864)\n\n* An important variable that holds the symbol table for the binary\nbeing debugged has been made persistent, and the objdump utility on\n64-bit PowerPC is now able to access the needed information without\nreading an invalid memory region. (BZ#1172766)\n\n* Undesirable runtime relocations described in RHBA-2015:0974.\n(BZ#872148)\n\nThe update adds these enhancements :\n\n* New hardware instructions of the IBM z Systems z13 are now supported\nby assembler, disassembler, and linker, as well as Single Instruction,\nMultiple Data (SIMD) instructions. (BZ#1182153)\n\n* Expressions of the form: 'FUNC@localentry' to refer to the local\nentry point for the FUNC function (if defined) are now supported by\nthe PowerPC assembler. These are required by the ELFv2 ABI on the\nlittle-endian variant of IBM Power Systems. (BZ#1194164)\n\nAll binutils users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "edition": 28, "published": "2015-12-02T00:00:00", "title": "CentOS 7 : binutils (CESA-2015:2079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-12-02T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:binutils", "p-cpe:/a:centos:centos:binutils-devel"], "id": "CENTOS_RHSA-2015-2079.NASL", "href": "https://www.tenable.com/plugins/nessus/87127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2079 and \n# CentOS Errata and Security Advisory 2015:2079 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87127);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_xref(name:\"RHSA\", value:\"2015:2079\");\n\n script_name(english:\"CentOS 7 : binutils (CESA-2015:2079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated binutils packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe binutils packages provide a set of binary utilities.\n\nMultiple buffer overflow flaws were found in the libbdf library used\nby various binutils utilities. If a user were tricked into processing\na specially crafted file with an application using the libbdf library,\nit could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502,\nCVE-2014-8503, CVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library,\nit could cause the application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy\nutilities. A specially crafted file could cause strip or objdump to\noverwrite an arbitrary file writable by the user running either of\nthese utilities. (CVE-2014-8737)\n\nThis update fixes the following bugs :\n\n* Binary files started by the system loader could lack the Relocation\nRead-Only (RELRO) protection even though it was explicitly requested\nwhen the application was built. This bug has been fixed on multiple\narchitectures. Applications and all dependent object files, archives,\nand libraries built with an alpha or beta version of binutils should\nbe rebuilt to correct this defect. (BZ#1200138, BZ#1175624)\n\n* The ld linker on 64-bit PowerPC now correctly checks the output\nformat when asked to produce a binary in another format than PowerPC.\n(BZ#1226864)\n\n* An important variable that holds the symbol table for the binary\nbeing debugged has been made persistent, and the objdump utility on\n64-bit PowerPC is now able to access the needed information without\nreading an invalid memory region. (BZ#1172766)\n\n* Undesirable runtime relocations described in RHBA-2015:0974.\n(BZ#872148)\n\nThe update adds these enhancements :\n\n* New hardware instructions of the IBM z Systems z13 are now supported\nby assembler, disassembler, and linker, as well as Single Instruction,\nMultiple Data (SIMD) instructions. (BZ#1182153)\n\n* Expressions of the form: 'FUNC@localentry' to refer to the local\nentry point for the FUNC function (if defined) are now supported by\nthe PowerPC assembler. These are required by the ELFv2 ABI on the\nlittle-endian variant of IBM Power Systems. (BZ#1194164)\n\nAll binutils users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002131.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b356c572\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8485\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"binutils-2.23.52.0.1-55.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"binutils-devel-2.23.52.0.1-55.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:53", "description": "Multiple security issues have been found in binutils, a toolbox for\nbinary file manipulation. These vulnerabilities include multiple\nmemory safety errors, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, the\nbypass of security restrictions, path traversal attack or denial of\nservice.", "edition": 15, "published": "2015-01-12T00:00:00", "title": "Debian DSA-3123-1 : binutils - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "modified": "2015-01-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:binutils", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3123.NASL", "href": "https://www.tenable.com/plugins/nessus/80444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3123. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80444);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_bugtraq_id(70714, 70741, 70761, 70866, 70868, 70869, 70908, 71083);\n script_xref(name:\"DSA\", value:\"3123\");\n\n script_name(english:\"Debian DSA-3123-1 : binutils - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in binutils, a toolbox for\nbinary file manipulation. These vulnerabilities include multiple\nmemory safety errors, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, the\nbypass of security restrictions, path traversal attack or denial of\nservice.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/binutils\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3123\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the binutils packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.22-8+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"binutils\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-dev\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-doc\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-gold\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-multiarch\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-source\", reference:\"2.22-8+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"binutils-spu\", reference:\"2.22-8+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "Check the version of arm-none-eabi-binutils-cs", "modified": "2019-03-15T00:00:00", "published": "2014-12-08T00:00:00", "id": "OPENVAS:1361412562310868565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868565", "type": "openvas", "title": "Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14874", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14874\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868565\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-08 06:22:34 +0100 (Mon, 08 Dec 2014)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14874\");\n script_tag(name:\"summary\", value:\"Check the version of arm-none-eabi-binutils-cs\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"arm-none-eabi-binutils-cs on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14874\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"arm-none-eabi-binutils-cs\", rpm:\"arm-none-eabi-binutils-cs~2014.05.28~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "Check the version of arm-none-eabi-binutils-cs", "modified": "2019-03-15T00:00:00", "published": "2014-12-06T00:00:00", "id": "OPENVAS:1361412562310868553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868553", "type": "openvas", "title": "Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14833", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14833\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868553\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-06 06:48:32 +0100 (Sat, 06 Dec 2014)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14833\");\n script_tag(name:\"summary\", value:\"Check the version of arm-none-eabi-binutils-cs\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"arm-none-eabi-binutils-cs on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14833\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"arm-none-eabi-binutils-cs\", rpm:\"arm-none-eabi-binutils-cs~2014.05.28~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "Check the version of avr-binutils", "modified": "2019-03-15T00:00:00", "published": "2014-12-08T00:00:00", "id": "OPENVAS:1361412562310868558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868558", "type": "openvas", "title": "Fedora Update for avr-binutils FEDORA-2014-14838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for avr-binutils FEDORA-2014-14838\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868558\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-08 06:21:41 +0100 (Mon, 08 Dec 2014)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for avr-binutils FEDORA-2014-14838\");\n script_tag(name:\"summary\", value:\"Check the version of avr-binutils\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"avr-binutils on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14838\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"avr-binutils\", rpm:\"avr-binutils~2.24~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868801", "type": "openvas", "title": "Fedora Update for avr-binutils FEDORA-2014-14995", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for avr-binutils FEDORA-2014-14995\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868801\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:53:50 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for avr-binutils FEDORA-2014-14995\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'avr-binutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"avr-binutils on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14995\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"avr-binutils\", rpm:\"avr-binutils~2.24~4.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868886", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868886", "type": "openvas", "title": "Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14888\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868886\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 15:08:51 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for arm-none-eabi-binutils-cs FEDORA-2014-14888\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'arm-none-eabi-binutils-cs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"arm-none-eabi-binutils-cs on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14888\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"arm-none-eabi-binutils-cs\", rpm:\"arm-none-eabi-binutils-cs~2014.05.28~3.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "Check the version of avr-binutils", "modified": "2019-03-15T00:00:00", "published": "2014-12-06T00:00:00", "id": "OPENVAS:1361412562310868554", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868554", "type": "openvas", "title": "Fedora Update for avr-binutils FEDORA-2014-14963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for avr-binutils FEDORA-2014-14963\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868554\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-06 06:49:18 +0100 (Sat, 06 Dec 2014)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8738\", \"CVE-2014-8737\", \"CVE-2014-8485\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for avr-binutils FEDORA-2014-14963\");\n script_tag(name:\"summary\", value:\"Check the version of avr-binutils\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"avr-binutils on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-14963\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"avr-binutils\", rpm:\"avr-binutils~2.24~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868856", "type": "openvas", "title": "Fedora Update for mingw-binutils FEDORA-2014-17603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-binutils FEDORA-2014-17603\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868856\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 15:05:06 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-binutils FEDORA-2014-17603\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-binutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-binutils on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17603\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-binutils\", rpm:\"mingw-binutils~2.24~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8502", "CVE-2014-8503"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868831", "type": "openvas", "title": "Fedora Update for mingw-binutils FEDORA-2014-17586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-binutils FEDORA-2014-17586\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868831\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:56:56 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\",\n \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-binutils FEDORA-2014-17586\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-binutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-binutils on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17586\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-binutils\", rpm:\"mingw-binutils~2.25~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "Oracle Linux Local Security Checks ELSA-2015-2079", "modified": "2018-09-28T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310122749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122749", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2079", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2079.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122749\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:24 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2079\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2079 - binutils security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2079\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2079.html\");\n script_cve_id(\"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\", \"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.23.52.0.1~55.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.23.52.0.1~55.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "Multiple security issues have been\nfound in binutils, a toolbox for binary file manipulation. These vulnerabilities\ninclude multiple memory safety errors, buffer overflows, use-after-frees and\nother implementation errors may lead to the execution of arbitrary code, the\nbypass of security restrictions, path traversal attack or denial of service.", "modified": "2019-03-18T00:00:00", "published": "2015-01-09T00:00:00", "id": "OPENVAS:1361412562310703123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703123", "type": "openvas", "title": "Debian Security Advisory DSA 3123-1 (binutils - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3123.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3123-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703123\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\",\n \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\");\n script_name(\"Debian Security Advisory DSA 3123-1 (binutils - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-09 00:00:00 +0100 (Fri, 09 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3123.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"binutils on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.22-8+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.25-3.\n\nWe recommend that you upgrade your binutils packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been\nfound in binutils, a toolbox for binary file manipulation. These vulnerabilities\ninclude multiple memory safety errors, buffer overflows, use-after-frees and\nother implementation errors may lead to the execution of arbitrary code, the\nbypass of security restrictions, path traversal attack or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"binutils\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-dev\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-doc\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-gold\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-multiarch\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-source\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"binutils-spu\", ver:\"2.22-8+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "**Issue Overview:**\n\nA directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities.\n\nA buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.\n\nAn integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash.\n\nA stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application.\n\nA heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.\n\nA stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.\n\nA stack-based buffer overflow flaw was found in the way objdump processed IHEX files. A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump.\n\nIt was found that the fix for the [CVE-2014-8485 __](<https://access.redhat.com/security/cve/CVE-2014-8485>) issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.\n\n \n**Affected Packages:** \n\n\nbinutils\n\n \n**Issue Correction:** \nRun _yum update binutils_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n binutils-devel-2.23.52.0.1-55.65.amzn1.i686 \n binutils-debuginfo-2.23.52.0.1-55.65.amzn1.i686 \n binutils-2.23.52.0.1-55.65.amzn1.i686 \n \n src: \n binutils-2.23.52.0.1-55.65.amzn1.src \n \n x86_64: \n binutils-debuginfo-2.23.52.0.1-55.65.amzn1.x86_64 \n binutils-devel-2.23.52.0.1-55.65.amzn1.x86_64 \n binutils-2.23.52.0.1-55.65.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-12-14T10:00:00", "published": "2015-12-14T10:00:00", "id": "ALAS-2015-620", "href": "https://alas.aws.amazon.com/ALAS-2015-620.html", "title": "Medium: binutils", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "id": "SECURITYVULNS:VULN:14215", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14215", "title": "GNU binutils multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3123-2 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nJanuary 13, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : binutils-mingw-w64\r\nCVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 \r\n CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738\r\nDebian Bug : 775165\r\n\r\nIn DSA 3123 the binutils package was updated for several security issues.\r\nThis update adds rebuilt packages for binutils-mingw-w64, so these will\r\ntake advantage of the fixes. For reference the original advisory text\r\nfollows.\r\n\r\nMultiple security issues have been found in binutils, a toolbox for \r\nbinary file manipulation. These vulnerabilities include multiple memory \r\nsafety errors, buffer overflows, use-after-frees and other implementation \r\nerrors may lead to the execution of arbitrary code, the bypass of\r\nsecurity restrictions, path traversal attack or denial of service.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 2+deb7u1.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your binutils-mingw-w64 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQEcBAEBAgAGBQJUtWghAAoJEFb2GnlAHawE2d0IAJqt0pbovGk5dCYfnnO1RYgq\r\n16Qs8zCwRYGhgg9DhByIIbA8Fd6xsMfE6Tq1ywo0e/lFFl11b2XZD7PwTNQdGPOx\r\njBH/IKMBJ4R+ryVgScjyR4yXdrjMCMKrnt4roM6E7ShUHA+SDw/dw6Nwu2jQBqa9\r\nxur3pFov9s/iAwLHI0J8ef/f1Du4va4/rlLlBzCyTR9C3PfuHY9QBCqSF3L5URoC\r\nqEDt/U0FmPVfdPnjlskBEGuEsKWthOI7j2CKGaFqXMugWxWn18N3ngW4ycZhN/gG\r\nuLWWbKngJUe0WGiDcuzqpyVX4Z6LIjsoMSspmWnN4MGi1XD3tUfN1gkR+bYw9d0=\r\n=y67/\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "id": "SECURITYVULNS:DOC:31616", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31616", "title": "[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "[2.23.52.0.1-55]\n- Add missing delta to patch that fixes parsing corrupted archives.\n (#1162666)\n[2.23.52.0.1-54]\n- Import patch for PR 18270: Create AArch64 GOT entries for local symbols.\n (#1238783)\n[2.23.52.0.1-51]\n- Fix incorrectly generated binaries and DSOs on PPC platforms.\n (#1247126)\n[2.23.52.0.1-50]\n- Fix memory corruption parsing corrupt archives.\n (#1162666)\n[2.23.52.0.1-49]\n- Fix directory traversal vulnerability.\n (#1162655)\n[2.23.52.0.1-48]\n- Fix stack overflow in SREC parser.\n (#1162621)\n[2.23.52.0.1-47]\n- Fix stack overflow whilst parsing a corrupt iHex file.\n (#1162607)\n[2.23.52.0.1-46]\n- Fix out of bounds memory accesses when parsing corrupt PE binaries.\n (#1162594, #1162570)\n[2.23.52.0.1-45]\n- Change strings program to default to -a. Fix problems parsing\n files containg corrupt ELF group sections. (#1157276)\n[2.23.52.0.1-44]\n- Avoid reading beyond function boundary when disassembling.\n (#1060282)\n- For binary ouput, we don't have an ELF bfd output so can't access\n elf_elfheader. (#1226864)\n[2.23.52.0.1-43]\n- Don't discard stap probe note sections on aarch64 (#1225091)\n[2.23.52.0.1-42]\n- Clamp maxpagesize at 1 (rather than 0) to avoid segfaults\n in the linker when passed a bogus max-page-size argument.\n (#1203449)\n[2.23.52.0.1-41]\n- Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent\n uninitialized accesses elsewhere. (#1172766)\n[2.23.52.0.1-40]\n- Minor testsuite adjustments for PPC changes in -38/-39.\n (#1183838)\n Fix md_assemble for PPC to handle arithmetic involving the TOC\n better. (#1183838)\n[2.23.52.0.1-39]\n- Fix ppc64: segv in libbfd (#1172766).\n[2.23.52.0.1-38]\n- Unconditionally apply ppc64le patches (#1183838).\n[2.23.52.0.1-37]\n- Andreas's backport of z13 and dependent fixes for s390,\n including tesetcase fix from Apr 27, 2015. (#1182153)\n[2.23.52.0.1-35]\n- Fixup testsuite for AArch64 (#1182111)\n- Add support for @localentry for LE PPC64 (#1194164)\n[2.23.52.0.1-34]\n- Do not install windmc(1) man page (#850832)\n[2.23.52.0.1-33]\n- Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE\n (#872148)\n- Enable relro by default for arm and aarch64 (#1203449)\n- Backport 3 RELRO improvements for ppc64/ppc64le from upstream\n (#1175624)\n[2.23.52.0.1-31]\n- Backport upstream RELRO fixes. (#1200138)", "edition": 4, "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2079", "href": "http://linux.oracle.com/errata/ELSA-2015-2079.html", "title": "binutils security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- CVE-2014-8484 (invalid read)\nInvalid read flaw leads to denial of service while parsing specially\ncrafted files in programs using libbfd.\n\n- CVE-2014-8485 (out-of-bounds write)\nLack of range checking leading to controlled write in\n_bfd_elf_setup_sections() which results in denial of service or possible\ncode execution in programs using libbfd.\n\n- CVE-2014-8501 (out-of-bounds write)\nOut-of-bounds write when parsing specially crafted PE executable leads\nto denial of service in "strings", "nm" and "objdump".\n\n- CVE-2014-8502 (heap overflow)\nHeap buffer overflow when parsing specially crafted PE executable leads\nto denial of service in "objdump".\n\n- CVE-2014-8503 (stack overflow)\nStack overflow in "objdump" when parsing specially crafted ihex files\nleads to denial of service or code execution.\n\n- CVE-2014-8504 (stack overflow)\nStack overflow in the SREC parser leads to denial of service or code\nexecution when parsing specially crafted files.\n\n- CVE-2014-8737 (directory traversal)\nDirectory traversal vulnerability allowing arbitrary file deletion and\ncreation.\n\n- CVE-2014-8738 (out-of-bounds write)\nOut-of-bounds memory write while processing a crafted "ar" archive leads\nto denial of service in "objdump".", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "ASA-201411-19", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html", "type": "archlinux", "title": "mingw-w64-binutils: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- CVE-2014-8484 (invalid read)\nInvalid read flaw leads to denial of service while parsing specially\ncrafted files in programs using libbfd.\n\n- CVE-2014-8485 (out-of-bounds write)\nLack of range checking leading to controlled write in\n_bfd_elf_setup_sections() which results in denial of service or possible\ncode execution in programs using libbfd.\n\n- CVE-2014-8501 (out-of-bounds write)\nOut-of-bounds write when parsing specially crafted PE executable leads\nto denial of service in "strings", "nm" and "objdump".\n\n- CVE-2014-8502 (heap overflow)\nHeap buffer overflow when parsing specially crafted PE executable leads\nto denial of service in "objdump".\n\n- CVE-2014-8503 (stack overflow)\nStack overflow in "objdump" when parsing specially crafted ihex files\nleads to denial of service or code execution.\n\n- CVE-2014-8504 (stack overflow)\nStack overflow in the SREC parser leads to denial of service or code\nexecution when parsing specially crafted files.\n\n- CVE-2014-8737 (directory traversal)\nDirectory traversal vulnerability allowing arbitrary file deletion and\ncreation.\n\n- CVE-2014-8738 (out-of-bounds write)\nOut-of-bounds memory write while processing a crafted "ar" archive leads\nto denial of service in "objdump".", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "ASA-201411-18", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html", "type": "archlinux", "title": "arm-none-eabi-binutils: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- CVE-2014-8484 (invalid read)\nInvalid read flaw leads to denial of service while parsing specially\ncrafted files in programs using libbfd.\n\n- CVE-2014-8485 (out-of-bounds write)\nLack of range checking leading to controlled write in\n_bfd_elf_setup_sections() which results in denial of service or possible\ncode execution in programs using libbfd.\n\n- CVE-2014-8501 (out-of-bounds write)\nOut-of-bounds write when parsing specially crafted PE executable leads\nto denial of service in "strings", "nm" and "objdump".\n\n- CVE-2014-8502 (heap overflow)\nHeap buffer overflow when parsing specially crafted PE executable leads\nto denial of service in "objdump".\n\n- CVE-2014-8503 (stack overflow)\nStack overflow in "objdump" when parsing specially crafted ihex files\nleads to denial of service or code execution.\n\n- CVE-2014-8504 (stack overflow)\nStack overflow in the SREC parser leads to denial of service or code\nexecution when parsing specially crafted files.\n\n- CVE-2014-8737 (directory traversal)\nDirectory traversal vulnerability allowing arbitrary file deletion and\ncreation.\n\n- CVE-2014-8738 (out-of-bounds write)\nOut-of-bounds memory write while processing a crafted "ar" archive leads\nto denial of service in "objdump".", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "ASA-201411-17", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html", "type": "archlinux", "title": "binutils: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- CVE-2014-8484 (invalid read)\nInvalid read flaw leads to denial of service while parsing specially\ncrafted files in programs using libbfd.\n\n- CVE-2014-8485 (out-of-bounds write)\nLack of range checking leading to controlled write in\n_bfd_elf_setup_sections() which results in denial of service or possible\ncode execution in programs using libbfd.\n\n- CVE-2014-8501 (out-of-bounds write)\nOut-of-bounds write when parsing specially crafted PE executable leads\nto denial of service in "strings", "nm" and "objdump".\n\n- CVE-2014-8502 (heap overflow)\nHeap buffer overflow when parsing specially crafted PE executable leads\nto denial of service in "objdump".\n\n- CVE-2014-8503 (stack overflow)\nStack overflow in "objdump" when parsing specially crafted ihex files\nleads to denial of service or code execution.\n\n- CVE-2014-8504 (stack overflow)\nStack overflow in the SREC parser leads to denial of service or code\nexecution when parsing specially crafted files.\n\n- CVE-2014-8737 (directory traversal)\nDirectory traversal vulnerability allowing arbitrary file deletion and\ncreation.\n\n- CVE-2014-8738 (out-of-bounds write)\nOut-of-bounds memory write while processing a crafted "ar" archive leads\nto denial of service in "objdump".", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "ASA-201411-20", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html", "type": "archlinux", "title": "avr-binutils: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-12-08T16:57:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "edition": 1, "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Binutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/binutils-2.25\"", "modified": "2016-12-08T00:00:00", "published": "2016-12-08T00:00:00", "id": "GLSA-201612-24", "href": "https://security.gentoo.org/glsa/201612-24", "title": "Binutils: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3123-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nJanuary 09, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : binutils\nCVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 \n CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738\n\nMultiple security issues have been found in binutils, a toolbox for \nbinary file manipulation. These vulnerabilities include multiple memory \nsafety errors, buffer overflows, use-after-frees and other implementation \nerrors\nmay lead to the execution of arbitrary code, the bypass of security\nrestrictions, path traversal attack or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.22-8+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.25-3.\n\nWe recommend that you upgrade your binutils packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-01-09T20:53:09", "published": "2015-01-09T20:53:09", "id": "DEBIAN:DSA-3123-1:FD2EF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00005.html", "title": "[SECURITY] [DSA 3123-1] binutils security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:28:16", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "Package : binutils\nVersion : 2.20.1-16+deb6u1\nCVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502\n CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738\n\nMultiple security issues have been found in binutils, a toolbox for\nbinary file manipulation. These vulnerabilities include multiple memory\nsafety errors, buffer overflows, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, the bypass of security\nrestrictions, path traversal attack or denial of service.\n", "edition": 7, "modified": "2015-03-28T18:45:29", "published": "2015-03-28T18:45:29", "id": "DEBIAN:DLA-184-1:1DB60", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00021.html", "title": "[SECURITY] [DLA 184-1] binutils security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3123-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 13, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : binutils-mingw-w64\nCVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 \n CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738\nDebian Bug : 775165\n\nIn DSA 3123 the binutils package was updated for several security issues.\nThis update adds rebuilt packages for binutils-mingw-w64, so these will\ntake advantage of the fixes. For reference the original advisory text\nfollows.\n\nMultiple security issues have been found in binutils, a toolbox for \nbinary file manipulation. These vulnerabilities include multiple memory \nsafety errors, buffer overflows, use-after-frees and other implementation \nerrors may lead to the execution of arbitrary code, the bypass of\nsecurity restrictions, path traversal attack or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your binutils-mingw-w64 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-01-13T18:49:09", "published": "2015-01-13T18:49:09", "id": "DEBIAN:DSA-3123-2:7EEDC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00009.html", "title": "[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2079\n\n\nThe binutils packages provide a set of binary utilities.\n\nMultiple buffer overflow flaws were found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library, it\ncould cause the application to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503,\nCVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by various\nbinutils utilities. If a user were tricked into processing a specially\ncrafted file with an application using the libbdf library, it could cause\nthe application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy utilities.\nA specially crafted file could cause strip or objdump to overwrite an\narbitrary file writable by the user running either of these utilities.\n(CVE-2014-8737)\n\nThis update fixes the following bugs:\n\n* Binary files started by the system loader could lack the Relocation\nRead-Only (RELRO) protection even though it was explicitly requested when\nthe application was built. This bug has been fixed on multiple\narchitectures. Applications and all dependent object files, archives, and\nlibraries built with an alpha or beta version of binutils should be rebuilt\nto correct this defect. (BZ#1200138, BZ#1175624)\n\n* The ld linker on 64-bit PowerPC now correctly checks the output format\nwhen asked to produce a binary in another format than PowerPC. (BZ#1226864)\n\n* An important variable that holds the symbol table for the binary being\ndebugged has been made persistent, and the objdump utility on 64-bit\nPowerPC is now able to access the needed information without reading an\ninvalid memory region. (BZ#1172766)\n\n* Undesirable runtime relocations described in RHBA-2015:0974. (BZ#872148)\n\nThe update adds these enhancements:\n\n* New hardware instructions of the IBM z Systems z13 are now supported by\nassembler, disassembler, and linker, as well as Single Instruction,\nMultiple Data (SIMD) instructions. (BZ#1182153)\n\n* Expressions of the form: \"FUNC@localentry\" to refer to the local entry\npoint for the FUNC function (if defined) are now supported by the PowerPC\nassembler. These are required by the ELFv2 ABI on the little-endian variant\nof IBM Power Systems. (BZ#1194164)\n\nAll binutils users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/008331.html\n\n**Affected packages:**\nbinutils\nbinutils-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2079.html", "edition": 3, "modified": "2015-11-30T19:23:41", "published": "2015-11-30T19:23:41", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008331.html", "id": "CESA-2015:2079", "title": "binutils security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8484", "CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738"], "description": "The binutils packages provide a set of binary utilities.\n\nMultiple buffer overflow flaws were found in the libbdf library used by\nvarious binutils utilities. If a user were tricked into processing a\nspecially crafted file with an application using the libbdf library, it\ncould cause the application to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503,\nCVE-2014-8504, CVE-2014-8738)\n\nAn integer overflow flaw was found in the libbdf library used by various\nbinutils utilities. If a user were tricked into processing a specially\ncrafted file with an application using the libbdf library, it could cause\nthe application to crash. (CVE-2014-8484)\n\nA directory traversal flaw was found in the strip and objcopy utilities.\nA specially crafted file could cause strip or objdump to overwrite an\narbitrary file writable by the user running either of these utilities.\n(CVE-2014-8737)\n\nThis update fixes the following bugs:\n\n* Binary files started by the system loader could lack the Relocation\nRead-Only (RELRO) protection even though it was explicitly requested when\nthe application was built. This bug has been fixed on multiple\narchitectures. Applications and all dependent object files, archives, and\nlibraries built with an alpha or beta version of binutils should be rebuilt\nto correct this defect. (BZ#1200138, BZ#1175624)\n\n* The ld linker on 64-bit PowerPC now correctly checks the output format\nwhen asked to produce a binary in another format than PowerPC. (BZ#1226864)\n\n* An important variable that holds the symbol table for the binary being\ndebugged has been made persistent, and the objdump utility on 64-bit\nPowerPC is now able to access the needed information without reading an\ninvalid memory region. (BZ#1172766)\n\n* Undesirable runtime relocations described in RHBA-2015:0974. (BZ#872148)\n\nThe update adds these enhancements:\n\n* New hardware instructions of the IBM z Systems z13 are now supported by\nassembler, disassembler, and linker, as well as Single Instruction,\nMultiple Data (SIMD) instructions. (BZ#1182153)\n\n* Expressions of the form: \"FUNC@localentry\" to refer to the local entry\npoint for the FUNC function (if defined) are now supported by the PowerPC\nassembler. These are required by the ELFv2 ABI on the little-endian variant\nof IBM Power Systems. (BZ#1194164)\n\nAll binutils users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "modified": "2018-04-12T03:31:35", "published": "2015-11-19T19:38:00", "id": "RHSA-2015:2079", "href": "https://access.redhat.com/errata/RHSA-2015:2079", "type": "redhat", "title": "(RHSA-2015:2079) Moderate: binutils security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:58", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2014-8504", "CVE-2014-8738", "CVE-2014-8737", "CVE-2012-3509", "CVE-2014-8484", "CVE-2014-8502", "CVE-2014-8503"], "description": "Michal Zalewski discovered that the setup_group function in libbfd in \nGNU binutils did not properly check group headers in ELF files. An \nattacker could use this to craft input that could cause a denial \nof service (application crash) or possibly execute arbitrary code. \n(CVE-2014-8485)\n\nHanno B\u00f6ck discovered that the _bfd_XXi_swap_aouthdr_in function \nin libbfd in GNU binutils allowed out-of-bounds writes. An \nattacker could use this to craft input that could cause a denial \nof service (application crash) or possibly execute arbitrary code. \n(CVE-2014-8501)\n\nHanno B\u00f6ck discovered a heap-based buffer overflow in the \npe_print_edata function in libbfd in GNU binutils. An attacker \ncould use this to craft input that could cause a denial of service \n(application crash) or possibly execute arbitrary code. (CVE-2014-8502)\n\nAlexander Cherepanov discovered multiple directory traversal \nvulnerabilities in GNU binutils. An attacker could use this to craft \ninput that could delete arbitrary files. (CVE-2014-8737)\n\nAlexander Cherepanov discovered the _bfd_slurp_extended_name_table \nfunction in libbfd in GNU binutils allowed invalid writes when handling \nextended name tables in an archive. An attacker could use this to \ncraft input that could cause a denial of service (application crash) \nor possibly execute arbitrary code. (CVE-2014-8738)\n\nHanno B\u00f6ck discovered a stack-based buffer overflow in the ihex_scan \nfunction in libbfd in GNU binutils. An attacker could use this \nto craft input that could cause a denial of service (application \ncrash). (CVE-2014-8503)\n\nMichal Zalewski discovered a stack-based buffer overflow in the \nsrec_scan function in libbfd in GNU binutils. An attacker could \nuse this to to craft input that could cause a denial of service \n(application crash); the GNU C library's Fortify Source printf \nprotection should prevent the possibility of executing arbitrary code. \n(CVE-2014-8504)\n\nMichal Zalewski discovered that the srec_scan function in libbfd \nin GNU binutils allowed out-of-bounds reads. An attacker could \nuse this to craft input to cause a denial of service. This issue \nonly affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 \nLTS. (CVE-2014-8484)\n\nSang Kil Cha discovered multiple integer overflows in the \n_objalloc_alloc function and objalloc_alloc macro in binutils. This \ncould allow an attacker to cause a denial of service (application \ncrash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. \n(CVE-2012-3509)\n\nAlexander Cherepanov and Hanno B\u00f6ck discovered multiple additional \nout-of-bounds reads and writes in GNU binutils. An attacker could use \nthese to craft input that could cause a denial of service (application \ncrash) or possibly execute arbitrary code. A few of these issues may \nbe limited in exposure to a denial of service (application abort) \nby the GNU C library's Fortify Source printf protection.\n\nThe strings(1) utility in GNU binutils used libbfd by default when \nexamining executable object files; unfortunately, libbfd was not \noriginally developed with the expectation of hostile input. As \na defensive measure, the behavior of strings has been changed to \ndefault to 'strings --all' behavior, which does not use libbfd; use \nthe new argument to strings, '--data', to recreate the old behavior.", "edition": 5, "modified": "2015-02-09T00:00:00", "published": "2015-02-09T00:00:00", "id": "USN-2496-1", "href": "https://ubuntu.com/security/notices/USN-2496-1", "title": "GNU binutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6131", "CVE-2016-2226", "CVE-2014-8501", "CVE-2016-4490", "CVE-2016-4489", "CVE-2014-9939", "CVE-2016-4491", "CVE-2016-4487", "CVE-2016-4488", "CVE-2016-4492", "CVE-2016-4493"], "description": "Hanno B\u00f6ck discovered that gdb incorrectly handled certain malformed AOUT \nheaders in PE executables. If a user or automated system were tricked into \nprocessing a specially crafted binary, a remote attacker could use this \nissue to cause gdb to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. \n(CVE-2014-8501)\n\nIt was discovered that gdb incorrectly handled printing bad bytes in Intel \nHex objects. If a user or automated system were tricked into processing a \nspecially crafted binary, a remote attacker could use this issue to cause \ngdb to crash, resulting in a denial of service. This issue only applied to \nUbuntu 14.04 LTS. (CVE-2014-9939)\n\nIt was discovered that gdb incorrectly handled certain string operations. \nIf a user or automated system were tricked into processing a specially \ncrafted binary, a remote attacker could use this issue to cause gdb to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2016-2226)\n\nIt was discovered that gdb incorrectly handled parsing certain binaries. If \na user or automated system were tricked into processing a specially crafted \nbinary, a remote attacker could use this issue to cause gdb to crash, \nresulting in a denial of service. This issue only applied to Ubuntu 14.04 \nLTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, \nCVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)\n\nIt was discovered that gdb incorrectly handled parsing certain binaries. If \na user or automated system were tricked into processing a specially crafted \nbinary, a remote attacker could use this issue to cause gdb to crash, \nresulting in a denial of service. (CVE-2016-4491)", "edition": 5, "modified": "2017-07-26T00:00:00", "published": "2017-07-26T00:00:00", "id": "USN-3367-1", "href": "https://ubuntu.com/security/notices/USN-3367-1", "title": "gdb vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:14:35", "description": "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8502", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8502"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8737", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8737"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8737", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8485", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8485"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8485", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8485", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.", "edition": 6, "cvss3": {}, "published": "2015-01-15T15:59:00", "title": "CVE-2014-8738", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8738"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8738", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8501", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8501"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8503", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8503"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:14:35", "description": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.", "edition": 6, "cvss3": {}, "published": "2014-12-09T23:59:00", "title": "CVE-2014-8504", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8504"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:gnu:binutils:2.24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8504", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8504", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:binutils:2.24:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:33:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503"], "description": "\nUS-CERT/NIST reports:\n\nThe _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU\n\t binutils 2.24 and earlier allows remote attackers to cause a\n\t denial of service (out-of-bounds write) and possibly have other\n\t unspecified impact via a crafted NumberOfRvaAndSizes field in the\n\t AOUT header in a PE executable.\n\nUS-CERT/NIST reports:\n\nHeap-based buffer overflow in the pe_print_edata function in\n\t bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote\n\t attackers to cause a denial of service (crash) and possibly have\n\t other unspecified impact via a truncated export table in a PE\n\t file.\n\nUS-CERT/NIST reports:\n\nStack-based buffer overflow in the ihex_scan function in\n\t bfd/ihex.c in GNU binutils 2.24 and earlier allows remote\n\t attackers to cause a denial of service (crash) and possibly have\n\t other unspecified impact via a crafted ihex file.\n\n", "edition": 4, "modified": "2016-01-08T00:00:00", "published": "2014-12-09T00:00:00", "id": "F6A014CD-D268-11E4-8339-001E679DB764", "href": "https://vuxml.freebsd.org/freebsd/f6a014cd-d268-11e4-8339-001e679db764.html", "title": "GNU binutils -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "software", "cvelist": ["CVE-2016-6131", "CVE-2016-2226", "CVE-2014-8501", "CVE-2016-4490", "CVE-2016-4489", "CVE-2014-9939", "CVE-2016-4491", "CVE-2016-4487", "CVE-2016-4488", "CVE-2016-4492", "CVE-2016-4493"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nHanno B\u00f6ck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. ([CVE-2014-8501](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8501>))\n\nIt was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. ([CVE-2014-9939](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9939>))\n\nIt was discovered that gdb incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. ([CVE-2016-2226](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2226>))\n\nIt was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. ([CVE-2016-4487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4487>), [CVE-2016-4488](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4488>), [CVE-2016-4489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4489>), [CVE-2016-4490](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4490>), [CVE-2016-4492](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4492>), [CVE-2016-4493](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4493>), [CVE-2016-6131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6131>))\n\nIt was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. ([CVE-2016-4491](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4491>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.32\n * 3363.x versions prior to 3363.29\n * 3421.x versions prior to 3421.18\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.142.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions prior to 3312.32\n * Upgrade 3363.x versions prior to 3363.29\n * Upgrade 3421.x versions prior to 3421.18\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.142.0 or later.\n\n# References\n\n * [USN-3367-1](<http://www.ubuntu.com/usn/usn-3367-1/>)\n * [CVE-2014-8501](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8501>)\n * [CVE-2014-9939](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9939>)\n * [CVE-2016-2226](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2226>)\n * [CVE-2016-4487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4487>)\n * [CVE-2016-4488](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4488>)\n * [CVE-2016-4489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4489>)\n * [CVE-2016-4490](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4490>)\n * [CVE-2016-4492](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4492>)\n * [CVE-2016-4493](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4493>)\n * [CVE-2016-6131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6131>)\n * [CVE-2016-4491](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4491>)\n", "edition": 5, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "CFOUNDRY:618EDC5959D9448F0298624DD413FFCF", "href": "https://www.cloudfoundry.org/blog/usn-3367-1/", "title": "USN-3367-1: gdb vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
