Lucene search

K

Gentoo FoundationGLSA-201612-24

HistoryDec 08, 2016 - 12:00 a.m.

Binutils: Multiple vulnerabilities

2016-12-0800:00:00

Gentoo Foundation

security.gentoo.org

33

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

Background

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

Description

Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All Binutils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.25"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-devel/binutils< 2.25UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

Related for GLSA-201612-24

nessus24 openvas23 redhat1 ibm3 centos1 archlinux4 securityvulns2 debian3 fedora10 oraclelinux1 osv2 mageia2 amazon1 ubuntu2 freebsd1 veracode8 prion8 cve8 ubuntucve8 debiancve8 cloudfoundry1 photon2