#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2025-23343.
##
include('compat.inc');
# Registration block: taken only when `description` is set. It declares the
# plugin's metadata and prerequisites through script_* calls and then exits,
# so none of the detection logic below this block runs in this mode.
if (description)
{
script_id(279460);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");
# Single CVE tracked by this check; it is also named as the CVSS score source below.
script_cve_id("CVE-2025-11083");
script_xref(name:"IAVA", value:"2025-A-0890-S");
script_name(english:"Oracle Linux 9 : binutils (ELSA-2025-23343)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
# Advisory text reproduced from ELSA-2025-23343, including Oracle's package
# changelog. Most entries are merge/backport history; the entry tied to this
# advisory is the first one (2.35.2-67.1, CVE-2025-11083). The closing sentence
# of the string states the check's limitation: the finding rests on the
# self-reported package version, not on testing for the issue itself.
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2025-23343 advisory.
- Merge Oracle patches to 2.35.2-67.1.
- CVE-2025-11083
- Reviewed-by: David Faust <[email protected]>
Oracle history:
September-24-2025 Bruce McCulloch <[email protected]> - 2.35.2-67.0.1
- Merge Oracle patches to 2.35.2-66.
- Reviewed-by: Jose E. Marchesi <[email protected]>
September-5-2025 Bruce McCulloch <[email protected]> - 2.35.2-66.0.1
- Merge Oracle patches to 2.35.2-66.
- Reviewed-by: Jose E. Marchesi <[email protected]>
August-4-2025 Bruce McCulloch <[email protected]> - 2.35.2-65.0.1
- Merge Oracle patches to 2.35.2-65.
- Reviewed-by: Jose E. Marchesi <[email protected]>
April-10-2025 Bruce McCulloch <[email protected]> - 2.35.2-63.0.1
- Merge Oracle patches to 2.35.2-63.
- Reviewed-by: Jose E. Marchesi <[email protected]>
January-10-2025 Bruce McCulloch <[email protected]> - 2.35.2-55.0.1
- Forward-port Oracle patches to 2.35.2-55.
- Refresh CTF patches
March-27-2024 Jose E. Marchesi <[email protected]> - 2.35.2-43.0.1
- Forward-port Oracle patches to 2.35.2-43.
March-07-2024 Jose E. Marchesi <[email protected]> - 2.35.2-42.0.2.1
- Do not set version info on unversion symbols. (RHEL-22601)
- Reviewed by: Elena Zannoni <[email protected]>
February-06-2024 Nick Alcock <[email protected]> - 2.35.2-42.0.2
- Refresh CTF patches from upstream (2.42).
- Fix more cases where operations on child dicts could leave errors on
the parent, this time associated with CTF dict creation (upstream PR
libctf/30985).
- Fix the cu-mapped link feature (not exposed by GNU ld) to use only
the last mapping provided for a given translation unit, rather than a
random mix of first and last
- Fix dependencies of libctf.so and libctf-nobfd.so to cite the libraries
the code actually depends on. (Fixes observed link problems with
libctf-nobfd.so needing extra libraries on the link line versus upstream:
libctf.so changes done purely for consistency.)
- Add upstream commit 2e93abb858ae, allowing NONE relocs against local absolute
symbols on x86-64. (Upstream PR ld/31047).
October-10-2023 Jose E. Marchesi <[email protected]> - 2.35.2-42.0.1
- Forward-port Oracle patches to 2.35.2-42.
August-04-2023 Nick Alcock <[email protected]> - 2.35.2-37.0.2
- Refresh CTF patches from upstream.
- Avoid spurious corruption error with symtypetab section emitted by old OL8 GCCs
- Various obscure install-time linking problems
- Make objdump/readelf --ctf parameter optional; make objdump --ctf-parent take
a CTF member name, not a section name
- Improve dumping of types when some types elicit a libctf error
- Put functions as well as variables in the (misnamed) CTF variable section
- Improve handling of various forms of corrupted CTF input.
- Fix errors in comments in <ctf.h> and <ctf-api.h>
- Make CTF dicts reproducible even when conflicting types are seen
- Prevent corruption of output when linking multiple object files derived from
the same source
- Minor compiler warning and portability fixes
- Fix (unlikely) crash-inducing uninitialized memory access and wild
pointer overwrite when linking
- Fix the reported offsets of fields within unnamed structs/unions
[Orabug: 35191322]
- Fix a number of places where operations carried out on child dicts
that errored were producing errors on the parent, not the child,
so the caller never noticed them
March-28-2023 Guillermo E. Martinez <[email protected]> - 2.35.2-37.0.1
- Forward-port Oracle patches from 2.35.2-24.0.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
April-25-2022 David Faust <[email protected]> - 2.35.2-17.0.1
- Forward-port Oracle patches from 2.35.2-9.0.1 to 2.35.2-17.0.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
November-23-2021 David Faust <[email protected]> - 2.35.2-9.0.1
- Enable libctf
- Backport all CTF improvements since 2.35.2 release, upstream commits:
6ab5b6d0f3a libctf, lookup: fix bounds of pptrtab lookup
e695879142a libctf, testsuite: fix various warnings in tests
b62d5edd0a5 libctf: fix handling of CTF symtypetab sections emitted by older GCC
ea9c2009115 libctf: try several possibilities for linker versioning flags
bef9ef8ca0f libtool.m4: fix nm BSD flag detection
bc4b1401129 libtool.m4: augment symcode for Solaris 11
7d53105d6ed libctf: link against libiberty before linking in libbfd or libctf-nobfd
ae064303efe libctf, ld: fix test results for upstream GCC
49da556c658 libctf, include: support an alternative encoding for nonrepresentable types
8592be8c7d3 ld: do not rely on the exact size of the CTF symtypetabs in test results
8f7b22ea2a9 libctf: fix ELF-in-BFD checks in the presence of ASAN
15131809c23 libctf: fix memory leak in a test
0bd65ce30a8 libctf: don't dereference out-of-bounds locations in the qualifier hashtab
5226ef61131 libctf: make ctf_bfdopen_ctfsect a debugger entry point
86f64bf43f7 libctf, serialize: functions with no args have a NULL dtd_vlen
24c877f9b19 include: always do unsigned left-shift in CTF_SET_STID
485170cdb1b libctf, dump: do not emit size or alignment if it would error
e93388417c1 Provide an inline startswith function in bfd.h
69a284867c7 libctf: support encodings for enums
e4c78f303df libctf: a couple of small error-handling fixes
d7b1416ef2c libctf: types: unify code dealing with small-vs-large struct members
08c428aff4a libctf: eliminate dtd_u, part 5: structs / unions
77d724a7ecd libctf: eliminate dtd_u, part 4: enums
986e9e3aa03 libctf: do not corrupt strings across ctf_serialize
2a05d50e90c libctf: don't lose track of all valid types upon serialization
755ba58ebef Add install dependencies for ld -> bfd and libctf -> bfd
81982d20fac libctf: eliminate dtd_u, part 3: functions
534444b1ee1 libctf: eliminate dtd_u, part 2: arrays
7879dd88efd libctf: eliminate dtd_u, part 1: int/float/slice
eefe721eadf libctf: fix GNU style for do {} while
b9a964318a7 libctf: split up ctf_serialize
01cbfcba4bc libctf: fix comment above ctf_dict_t
bf4c3185a5a libctf: split serialization and file writeout into its own file
087945261c7 libctf: fix some tabdamage and move some code around
211bcd01333 bfd, ld, libctf: skip zero-refcount strings in CTF string reporting
8e7e446446b libctf: free ctf_dynsyms properly
cf6a0b989a5 libctf: fix signed/unsigned comparison confusion
4659554b280 libctf: minor error-handling fixes
f5060e56338 libctf: add a deduplicator-specific type mapping table
478c04a55ee libctf: remove reference to 'unconflicted link mode'.
8915c559d40 libctf, include: remove the nondeduplicating CTF linker
fd12633780a libctf: fix ChangeLog date
ac36e134d96 libctf: reimplement many _iter iterators in terms of _next
eaa2913a7ac libctf: ctf_archive_next should set the parent name consistently
93993f67849 libctf AC_CANONICAL_TARGET
f4f60336dae libctf, include: find types of symbols by name
758f590744b libctf: add missing header in BFD ELF check
cbd8f5bbcc8 libctf: require a Tcl capable of try/catch to run tests
95148614026 bfd, opcodes, libctf: support --with-included-gettext
ee87f50b8d2 libctf: always name nameless types '', never NULL
5dacd11ddcf libctf: fix uninitialized variable in symbol serialization error handling
caa170493e8 libctf: prohibit nameless ints, floats, typedefs and forwards
78f28b89e8c libctf: rip out dead code handling typedefs with no name
35a01a04544 libctf, ld: fix symtypetab and var section population under ld -r
f04ce15e831 ld: depend on libctf
26503e2f5ea libctf, create: fix ctf_type_add of structs with unnamed members
e05a3e5a491 libctf: lookup_by_name: do not return success for nonexistent pointer types
0814dbfbfcc libctf, testsuite: adjust for real return type of ctf_member_count
70d3120f322 libctf, testsuite: don't run without a suitable compiler
b4b6ea46807 libctf, ld: fix formatting of forwards to unions and enums
abe4ca69a11 libctf: fix lookups of pointers by name in parent dicts
8769046e5a9 libctf: remove outdated comment about parent dict importing
6c3a38777b3 libctf, include: support unnamed structure members better
abed0b0718a libctf: warn about information loss because of unreleased format changes
9bc769718db libctf: new test of enum lookups with the _next iterator
c59e30ed172 libctf: new testsuite
1038406a8f6 libctf: rip out BFD_DEPENDENCIES / BFD_LIBADD
37002871ac2 libctf, ld: dump enums: generally improve dump formatting
ffeece6ac2d libctf, ld: prohibit getting the size or alignment of forwards
91e7ce2fd7b libctf, ld: more dumper improvements
57f97d0e6dd libctf, ld: CTF dumper changes for consistency
b09ad6eae98 libctf: do not print array declarators backwards
a7c23ac9317 In libctf, make AC_CONFIG_MACRO_DIR consistent with ACLOCAL_AMFLAGS
e8cda209052 libctf: Pass format argument to asprintf
96c61be508f binutils: readelf: support CTF dicts with non-native-endian symtabs
53651de80f8 libctf, include: support foreign-endianness symtabs with CTF
ef21dd3bcff libctf: do not crash when CTF symbol or variable linking fails
8f235c90a28 libctf: error-handling fixes
97a2a623d01 libctf, include: add ctf_getsymsect and ctf_getstrsect
2c78e92523a libctf, include: CTF-archive-wide symbol lookup
0e28ade476e libctf, ld: properly deduplicate function types
0ad70c536ab ld, ctf: new and adjusted CTF tests due to func info / object data sections
4665e895c37 libctf: adjust dumper for symtypetab changes
1136c379718 libctf: symbol type linking support
3d16b64e28a bfd, include, ld, binutils, libctf: CTF should use the dynstr/sym
83d59285d54 objdump, readelf: Report errors from CTF archive iteration
ae41200ba80 libctf, include, binutils, gdb: rename CTF-opening functions
139633c307e libctf, include, binutils, gdb, ld: rename ctf_file_t to ctf_dict_t
0d01fbe64f6 Remove libctf/mkerrors.sed
5e9b84f7a2e binutils, ld: dequote libctf error messages
926c9e76657 libctf, binutils, include, ld: gettextize and improve error handling
555adca2e3b libctf: compilation failure on MinGW due to missing errno values
50500ecfefd libctf: compilation failure on MinGW due to missing errno values
8c419a91d76 libctf: fixes for systems on which sizeof (void *) > sizeof (long)
734c894234e libctf: fix isspace casts
4533ed564d6 libctf, binutils: fix big-endian libctf archive opening
62cdd7b18fc ld, testsuite: do not run CTF tests at all on non-ELF for now
fa03171fb46 ld: do not produce one empty output .ctf section for every input .ctf
7cdfc3462fb ld, testsuite: only run CTF tests when ld and GCC support CTF
b1b33524ad3 ld: new CTF testsuite
0b884151088 binutils, testsuite: allow compilation before doing run_dump_test
5dba6f05b7b ld: new options --ctf-variables and --ctf-share-types
f320bba50ff ld: Reformat CTF errors into warnings.
3dd6b890b4e binutils: objdump: ctf: drop incorrect linefeeds
662df3c3f14 libctf, link: tie in the deduplicating linker
e3e8411bec4 libctf, link: add CTF_LINK_OMIT_VARIABLES_SECTION
0f0c11f7fc9 libctf, dedup: add deduplicator
a9b98702066 libctf, dedup: add new configure option --enable-libctf-hash-debugging
1f2e8b5b87d libctf: add SHA-1 support for libctf
6dd2819ffc2 libctf, link: add the ability to filter out variables from the link
19d4b1addca libctf, link: fix spurious conflicts of variables in the variable section
5f54462c6ab libctf, link: redo cu-mapping handling
e3f17159e26 libctf, link: fix ctf_link_write fd leak
8d2229ad1e7 libctf, link: add lazy linking: clean up input members: err/warn cleanup
e148b730131 libctf: drop error-prone ctf_strerror
1fa7a0c24e7 libctf: sort out potential refcount loops
3166467b00a libctf: rename the type_mapping_key to type_key
43a61d7d3e6 libctf: check for vasprintf
ac2ff760303 libctf, archive: fix bad error message
d50c08025d4 libctf, open: fix opening CTF in binaries with no symtab
70447401740 libctf, dump: fix slice dumping
8e795b46f58 libctf, dump: migrate towards dumping errors rather than truncation
b255b35feb8 libctf, decl: avoid leaks of the formatted string on error
c6e9a1e576c libctf, types: enhance ctf_type_aname to print function arg types
8b37e7b63ed libctf, ld, binutils: add textual error/warning reporting for libctf
b7190c821e5 libctf, types: ensure the emission of ECTF_NOPARENT
ec388c16cd4 libctf: error out on corrupt CTF with invalid header flags
67d4cc671b7 libctf: pass the thunk down properly when wrapping qsort_r
e28591b3dfc libctf, next, hash: add dynhash and dynset _next iteration
688d28f6214 libctf, next: introduce new class of easier-to-use iterators
2399827bfa1 libctf: add ctf_ref
9850ce4d7bb libctf: add ctf_forwardable_kind
2c9ca36be17 libctf: move existing inlines into ctf-inlines.h
77648241384 libctf, hash: introduce the ctf_dynset
a49c6c6a656 libctf, hash: save per-item space when no key/item freeing function
5ceee3dba34 libctf, hash: improve insertion of existing keys into dynhashes
809f6eb3321 libctf: add new dynhash functions
469e75b621f libctf: fix __extension__ with non-GNU C compilers
9c23dfa5aa4 libctf: add ctf_archive_count
e0325e2cede libctf: add ctf_member_count
9b15cbb7891 libctf: add ctf_type_kind_forwarded
01d9317436c libctf: add ctf_type_name_raw
5ec7465fec8 libctf: having debugging enabled is unlikely
601e455b758 libctf, archive: stop ctf_arc_bufopen triggering crazy unmaps
96e3ec29664 libctf, types: ints, floats and typedefs with no name are invalid
502e838ed96 libctf, types: support slices of anything terminating in an int
dd987f00430 libctf, create: empty dicts are dirty to start with
f47ca311356 libctf, create: fix addition of anonymous struct/union members
ab769488e75 libctf, create: member names of '' and NULL should be the same
2484ca436ac libctf, open: drop unnecessary historical wart around forwards
437061996d8 libctf, types: allow ctf_type_reference of dynamic slices
9943fa3a732 libctf, create: add explicit casts for variables' and slices' types
afd78bd6f0a libctf, create: do not corrupt function types' arglists at insertion time
2361f1c8591 libctf, create: support addition of references to the unimplemented type
7eea9d3bdb0 libctf: restructure error handling to reduce relocations
b64751cf0bc include, libctf: typo fixes
df16e041dea Fix problems in CTF handling code exposed by the Coverity static analysis tool.
- Reviewed-by: Jose E. Marchesi <[email protected]>
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2025-23343.html");
script_set_attribute(attribute:"solution", value:
"Update the affected binutils, binutils-devel and / or binutils-gold packages.");
# Severity metadata. Every vector describes a local attack vector that needs
# an authenticated / low-privileged position (AV:L with Au:S or PR:L).
# NOTE(review): the v2 and v3 vectors rate confidentiality, integrity and
# availability impact as Complete/High, while the v4 vector rates all three
# as Low, so the severity a consumer sees depends on which CVSS version it
# reads. Confirm against the CVE record before using it for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-11083");
# Exploit maturity: the temporal vectors above say proof-of-concept (E:POC / E:P),
# and the plugin marks an exploit as available.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
# Timeline: vulnerability published, vendor patch published, plugin published.
script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2025/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/20");
# "local" plugin type: together with the required KB keys below, the check
# works from package data already collected from the host (presumably by the
# ssh_get_info.nasl dependency) rather than from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE identifiers for the operating system and the three affected packages.
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:9:7:baseos_patch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils-gold");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: one plugin dependency, plus the KB keys that must already be
# set (Oracle Linux identification, release string, RPM list, local checks flag).
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
# Leave description mode here; nothing after this block is executed.
exit(0);
}
include('rpm2.inc');
##
# Pre-flight gates. Each one audits out with a specific reason, so a host
# that cannot be assessed is reported as "not checked" instead of being
# silently treated as unaffected.
##

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The detected OS product has to be Oracle Linux under either product name.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product))
{
  audit(AUDIT_OS_NOT, 'Oracle Linux');
}
else if (!pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_product))
{
  audit(AUDIT_OS_NOT, 'Oracle Linux');
}

# Only major release 9 is in scope; the pattern rejects values such as "90".
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
}
if (! preg(pattern:"^9([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'Oracle Linux 9.x', 'Oracle Linux ' + os_version);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item('Host/RedHat/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture must be known and one of x86_64, i386-i686 or aarch64.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!('x86_64' >< cpu || cpu =~ "^i[3-6]86$" || 'aarch64' >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
}
##
# Package table for Oracle Linux 9: one entry per package and architecture,
# each naming the build string from the advisory that rpm_check() is given as
# its reference. binutils-gold has no i686 entry.
##
var constraints = [
  {
    'release': '9',
    'pkgs': [
      # aarch64
      {'reference':'binutils-2.35.2-67.0.1.el9_7.1', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-devel-2.35.2-67.0.1.el9_7.1', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-2.35.2-67.0.1.el9_7.1', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      # i686
      {'reference':'binutils-2.35.2-67.0.1.el9_7.1', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-devel-2.35.2-67.0.1.el9_7.1', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE},
      # x86_64
      {'reference':'binutils-2.35.2-67.0.1.el9_7.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-devel-2.35.2-67.0.1.el9_7.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-2.35.2-67.0.1.el9_7.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

# Host release and minor release, compared against each constraint's
# 'release' and 'sp' keys in the matching loop.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Per-package scratch variables, reset for every table entry in the loop.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

# Number of table entries for which rpm_check() returned a true value.
var flag = 0;
##
# Walk the constraint table and count, in `flag`, every package entry for
# which rpm_check() returns a true value.
##
foreach var constraint ( constraints ) {
  # Skip constraint sets written for a different release or minor release.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] ) {
    # Reset each field, then copy it only when the entry supplies a value,
    # so nothing leaks over from the previous entry.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];

    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];

    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];

    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];

    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];

    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];

    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];

    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];

    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # An entry without a reference build cannot be compared.
    if (!reference) continue;

    # When the entry names a prerequisite RPM, that RPM must be installed.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves))
    {
      flag++;
    }
  }
}
##
# Result handling: report when at least one package entry matched; otherwise
# audit out, distinguishing "packages examined but not affected" from
# "none of the packages installed".
##
if (!flag)
{
  var tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-gold');
  }
}
else
{
  # Port 0 is used for this host-level finding; the report body is the text
  # returned by rpm_report_get().
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}