Oct 20, 2020 - 3:39 p.m.

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

www.ibm.com
EPSS: 0.002 (Low), percentile 61.1%

Summary

GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-9070
**DESCRIPTION:** GNU Binutils is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the d_expression_1 function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157912 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9071
**DESCRIPTION:** GNU Binutils is vulnerable to a stack-based buffer overflow, caused by a stack consumption flaw in the d_count_templates_scopes function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157913 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Netezza Platform Software | 4.6.8-4.6.12.P5 |
| IBM Netezza Platform Software | 5.0.10-5.2.2.P5 |
| IBM Netezza Platform Software | 6.0.3-6.1.P2 |
| IBM Netezza Platform Software | 7.0-7.2.1.10 |

Remediation/Fixes

To resolve the reported CVEs on the following platforms:
PureData System for Analytics N3001
PureData System for Analytics N200x

Update to the following IBM Netezza Platform Software release:

| Product | VRMF | Remediation/First Fix |
| --- | --- | --- |
| IBM Netezza Platform Software | 7.2.1.10-P1 | Fix Central Link |

Workarounds and Mitigations

None
