{"id": "REDHAT-RHSA-2018-3032.NASL", "bulletinFamily": "scanner", "title": "RHEL 7 : binutils (RHSA-2018:3032)", "description": "An update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.", "published": "2018-10-31T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/118514", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2018-10534", "https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/security/cve/cve-2018-7208", "https://access.redhat.com/security/cve/cve-2018-10372", "https://access.redhat.com/security/cve/cve-2018-7643", "https://access.redhat.com/security/cve/cve-2018-13033", "https://access.redhat.com/security/cve/cve-2018-7568", "https://access.redhat.com/security/cve/cve-2018-7642", "https://access.redhat.com/security/cve/cve-2018-10373", "http://www.nessus.org/u?3395ff0b", "https://access.redhat.com/security/cve/cve-2018-7569", "https://access.redhat.com/security/cve/cve-2018-10535", "https://access.redhat.com/security/cve/cve-2018-8945"], "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "type": "nessus", "lastseen": "2021-02-01T05:42:02", "edition": 21, "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K72122162", "F5:K01152385", "F5:K20503360", "F5:K62553631"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1138.NASL", "EULEROS_SA-2018-1426.NASL", "CENTOS_RHSA-2018-3032.NASL", "SL_20181030_BINUTILS_ON_SL7_X.NASL", "EULEROS_SA-2019-1219.NASL", "EULEROS_SA-2019-1377.NASL", "EULEROS_SA-2019-1019.NASL", "EULEROS_SA-2018-1400.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "ORACLELINUX_ELSA-2018-3032.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191431", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181154", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220181098", "OPENVAS:1361412562311220181099", "OPENVAS:1361412562311220181426"]}, {"type": "amazon", "idList": ["ALAS2-2019-1138"]}, {"type": "cve", "idList": ["CVE-2018-7569", "CVE-2018-7643", "CVE-2018-7208", "CVE-2018-7642", "CVE-2018-7568", "CVE-2018-13033", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-10372", "CVE-2018-10534"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2432-1", "OPENSUSE-SU-2018:3323-1", "OPENSUSE-SU-2019:2415-1", "OPENSUSE-SU-2018:3223-1"]}, {"type": "gentoo", "idList": ["GLSA-201908-01", "GLSA-201811-17"]}, {"type": "ubuntu", "idList": ["USN-4336-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}], "modified": "2021-02-01T05:42:02", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-02-01T05:42:02", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3032. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118514);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-13033\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_xref(name:\"RHSA\", value:\"2018:3032\");\n\n script_name(english:\"RHEL 7 : binutils (RHSA-2018:3032)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:3032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-8945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-13033\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected binutils, binutils-debuginfo and / or\nbinutils-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3032\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"binutils-2.27-34.base.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"binutils-2.27-34.base.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"binutils-debuginfo-2.27-34.base.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"binutils-devel-2.27-34.base.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo / binutils-devel\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "118514", "cpe": ["p-cpe:/a:redhat:enterprise_linux:binutils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:binutils", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:binutils-devel"], "scheme": null, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"f5": [{"lastseen": "2020-04-06T22:40:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-7569", "CVE-2018-10373"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-07-23T22:50:00", "published": "2018-07-23T22:50:00", "id": "F5:K72122162", "href": "https://support.f5.com/csp/article/K72122162", "title": "Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2018-13033"], "description": "\nF5 Product Development has assigned CPF-24949 and CPF-24950 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [2.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L>) | BinUtils \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "modified": "2018-07-24T01:23:00", "published": "2018-07-24T01:23:00", "id": "F5:K20503360", "href": "https://support.f5.com/csp/article/K20503360", "title": "Binutils vulnerability CVE-2018-13033", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:20", "bulletinFamily": "software", "cvelist": ["CVE-2018-7570", "CVE-2018-9996", "CVE-2018-10372"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-07-23T22:56:00", "published": "2018-07-23T22:56:00", "id": "F5:K62553631", "href": "https://support.f5.com/csp/article/K62553631", "title": "Binutils vulnerabilities CVE-2018-7570, CVE-2018-9996, and CVE-2018-10372", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:29", "bulletinFamily": "software", "cvelist": ["CVE-2018-12698", "CVE-2018-12697", "CVE-2018-12699", "CVE-2018-12700", "CVE-2018-8945"], "description": "\nF5 Product Development has assigned CPF-24951 and CPF-24952 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L>) | BinUtils \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "modified": "2018-07-24T00:44:00", "published": "2018-07-24T00:44:00", "id": "F5:K01152385", "href": "https://support.f5.com/csp/article/K01152385", "title": "Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3032\n\n\nThe binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005330.html\n\n**Affected packages:**\nbinutils\nbinutils-devel\n\n**Upstream details at:**\n", "edition": 3, "modified": "2018-11-15T18:43:31", "published": "2018-11-15T18:43:31", "id": "CESA-2018:3032", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005330.html", "title": "binutils security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "[2.27-34.base.0.1]\n- Backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598\n Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc error [Orabug 27930573]\n[2.27-34.base]\n- Fix seg-fault parsing corrupt AOUT format files. (#1579799)\n- Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802)\n- Fix seg-fault parsing corrupt ELF format files. (#1579801)\n[2.27-33.base]\n- Fix seg-fault parsing ELF files. (#1578979)\n- Fix seg-fault parsing DWARF-2 information. (#1579065)\n- Fix seg-fault parsing DWARF-2 information. (#1579051)\n- Fix seg-fault parsing a PE format file. (#1579019)\n[2.27-32.base]\n- Fix seg-fault parsing DWARF-1 information. (#1569580)\n- Fix seg-fault parsing DWARF-2 information. (#1569891)\n- Fix seg-fault parsing COFF files. (#1571917)\n[2.27-31.base]\n- Allow 'lea foo@GOT, %reg' in PIC mode on the x86. (#1573872)\n[2.27-30.base]\n- Version bump in order to allow a rebuild, in order to work around a transient problem with the compose database.\n[2.27-29.base]\n- Add support for the GLOBALAUDIT dynamic linker tag.\n (#1439351)", "edition": 2, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3032", "href": "http://linux.oracle.com/errata/ELSA-2018-3032.html", "title": "binutils security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10372", "CVE-2018-10373", "CVE-2018-10534", "CVE-2018-10535", "CVE-2018-13033", "CVE-2018-7208", "CVE-2018-7568", "CVE-2018-7569", "CVE-2018-7642", "CVE-2018-7643", "CVE-2018-8945"], "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2018-10-30T09:21:26", "published": "2018-10-30T08:11:05", "id": "RHSA-2018:3032", "href": "https://access.redhat.com/errata/RHSA-2018:3032", "type": "redhat", "title": "(RHSA-2018:3032) Low: binutils security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-01T01:33:13", "description": "An update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-16T00:00:00", "title": "CentOS 7 : binutils (CESA-2018:3032)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:binutils", "p-cpe:/a:centos:centos:binutils-devel"], "id": "CENTOS_RHSA-2018-3032.NASL", "href": "https://www.tenable.com/plugins/nessus/118983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3032 and \n# CentOS Errata and Security Advisory 2018:3032 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118983);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-13033\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_xref(name:\"RHSA\", value:\"2018:3032\");\n\n script_name(english:\"CentOS 7 : binutils (CESA-2018:3032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005330.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba6e36ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7208\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"binutils-2.27-34.base.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"binutils-devel-2.27-34.base.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:02:31", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected\nby multiple vulnerabilities:\n\n - The Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (excessive memory\n allocation and application crash) via a crafted ELF\n file, as demonstrated by _bfd_elf_parse_attributes in\n elf-attrs.c and bfd_malloc in libbfd.c. This can occur\n during execution of nm. (CVE-2018-13033)\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function in\n peXXigen.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.30,\n processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c. (CVE-2018-10534)\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a SECTION type that has a 0 value, which allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and application crash) via a crafted\n file, as demonstrated by objcopy. (CVE-2018-10535)\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by readelf.\n (CVE-2018-10372)\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed in\n GNU Binutils 2.30, allows remote attackers to cause a\n denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new. (CVE-2018-10373)\n\n - The display_debug_ranges function in dwarf.c in GNU\n Binutils 2.30 allows remote attackers to cause a denial\n of service (integer overflow and application crash) or\n possibly have unspecified other impact via a crafted ELF\n file, as demonstrated by objdump. (CVE-2018-7643)\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information. (CVE-2018-7568, CVE-2018-7569)\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference and\n application crash) via a crafted ELF file, as\n demonstrated by objcopy. (CVE-2018-7642)\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute section. (CVE-2018-8945)\n\n - In the coff_pointerize_aux function in coffgen.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, an index is not\n validated, which allows remote attackers to cause a\n denial of service (segmentation fault) or possibly have\n unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object.\n (CVE-2018-7208)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/127252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0060. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127252);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-7208\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-7643\",\n \"CVE-2018-8945\",\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-13033\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected\nby multiple vulnerabilities:\n\n - The Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (excessive memory\n allocation and application crash) via a crafted ELF\n file, as demonstrated by _bfd_elf_parse_attributes in\n elf-attrs.c and bfd_malloc in libbfd.c. This can occur\n during execution of nm. (CVE-2018-13033)\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function in\n peXXigen.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.30,\n processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c. (CVE-2018-10534)\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a SECTION type that has a 0 value, which allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and application crash) via a crafted\n file, as demonstrated by objcopy. (CVE-2018-10535)\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by readelf.\n (CVE-2018-10372)\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed in\n GNU Binutils 2.30, allows remote attackers to cause a\n denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new. (CVE-2018-10373)\n\n - The display_debug_ranges function in dwarf.c in GNU\n Binutils 2.30 allows remote attackers to cause a denial\n of service (integer overflow and application crash) or\n possibly have unspecified other impact via a crafted ELF\n file, as demonstrated by objdump. (CVE-2018-7643)\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information. (CVE-2018-7568, CVE-2018-7569)\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference and\n application crash) via a crafted ELF file, as\n demonstrated by objcopy. (CVE-2018-7642)\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute section. (CVE-2018-8945)\n\n - In the coff_pointerize_aux function in coffgen.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, an index is not\n validated, which allows remote attackers to cause a\n denial of service (segmentation fault) or possibly have\n unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object.\n (CVE-2018-7208)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0060\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL binutils packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"binutils-2.27-34.base.el7\",\n \"binutils-debuginfo-2.27-34.base.el7\",\n \"binutils-devel-2.27-34.base.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"binutils-2.27-34.base.el7\",\n \"binutils-debuginfo-2.27-34.base.el7\",\n \"binutils-devel-2.27-34.base.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:08:07", "description": "From Red Hat Security Advisory 2018:3032 :\n\nAn update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-07T00:00:00", "title": "Oracle Linux 7 : binutils (ELSA-2018-3032)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:binutils", "p-cpe:/a:oracle:linux:binutils-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-3032.NASL", "href": "https://www.tenable.com/plugins/nessus/118762", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:3032 and \n# Oracle Linux Security Advisory ELSA-2018-3032 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118762);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-13033\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_xref(name:\"RHSA\", value:\"2018:3032\");\n\n script_name(english:\"Oracle Linux 7 : binutils (ELSA-2018-3032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:3032 :\n\nAn update for binutils is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe binutils packages provide a collection of binary utilities for the\nmanipulation of object code in various object file formats. It\nincludes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,\nsize, strings, strip, and addr2line utilities.\n\nSecurity Fix(es) :\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()\nallows for denial of service when parsing a crafted COFF file\n(CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug\ninformation in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a\ncorrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in\naoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function\nresulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted\nexecutable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in\ndwarf.c:process_cu_tu_index() allows for denial of service via crafted\nfile (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename()\nallows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files\n(CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm\n(CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-November/008186.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"binutils-2.27-34.base.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"binutils-devel-2.27-34.base.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T04:17:41", "description": "Security Fix(es) :\n\n - binutils: Improper bounds check in\n coffgen.c:coff_pointerize_aux() allows for denial of\n service when parsing a crafted COFF file (CVE-2018-7208)\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Integer overflow in the display_debug_ranges\n function resulting in crash (CVE-2018-7643)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c files\n (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\n - binutils: Uncontrolled Resource Consumption in execution\n of nm (CVE-2018-13033)", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "title": "Scientific Linux Security Update : binutils on SL7.x x86_64 (20181030)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2018-11-27T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:binutils", "p-cpe:/a:fermilab:scientific_linux:binutils-debuginfo", "p-cpe:/a:fermilab:scientific_linux:binutils-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20181030_BINUTILS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/119179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119179);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/01\");\n\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-13033\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n\n script_name(english:\"Scientific Linux Security Update : binutils on SL7.x x86_64 (20181030)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - binutils: Improper bounds check in\n coffgen.c:coff_pointerize_aux() allows for denial of\n service when parsing a crafted COFF file (CVE-2018-7208)\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Integer overflow in the display_debug_ranges\n function resulting in crash (CVE-2018-7643)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c files\n (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\n - binutils: Uncontrolled Resource Consumption in execution\n of nm (CVE-2018-13033)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=4157\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4528db8f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected binutils, binutils-debuginfo and / or\nbinutils-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-2.27-34.base.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.27-34.base.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"binutils-devel-2.27-34.base.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo / binutils-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:55:35", "description": "According to the versions of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new.(CVE-2018-10373)\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function\n in peXXigen.c in the Binary File Descriptor (BFD)\n library (aka libbfd), as distributed in GNU Binutils\n 2.30, processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c.(CVE-2018-10534)\n\n - The parse_die function in dwarf1.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (integer overflow and application\n crash) via an ELF file with corrupt dwarf1 debug\n information, as demonstrated by nm.(CVE-2018-7568)\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as\n demonstrated by objcopy.(CVE-2018-7642)\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by\n readelf.(CVE-2018-10372)\n\n - In the coff_pointerize_aux function in coffgen.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, an index is not\n validated, which allows remote attackers to cause a\n denial of service (segmentation fault) or possibly have\n unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF\n object.(CVE-2018-7208)\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a ''SECTION'' type that has a ''0'' value, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by\n objcopy.(CVE-2018-10535)\n\n - The display_debug_ranges function in dwarf.c in GNU\n Binutils 2.30 allows remote attackers to cause a denial\n of service (integer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n ELF file, as demonstrated by objdump.(CVE-2018-7643)\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute section.(CVE-2018-8945)\n\n - dwarf2.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.30,\n allows remote attackers to cause a denial of service\n (integer underflow or overflow, and application crash)\n via an ELF file with a corrupt DWARF FORM block, as\n demonstrated by nm.(CVE-2018-7569)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : binutils (EulerOS-SA-2019-1377)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2019-05-14T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:binutils"], "id": "EULEROS_SA-2019-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/124880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124880);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7208\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-7643\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : binutils (EulerOS-SA-2019-1377)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new.(CVE-2018-10373)\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function\n in peXXigen.c in the Binary File Descriptor (BFD)\n library (aka libbfd), as distributed in GNU Binutils\n 2.30, processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c.(CVE-2018-10534)\n\n - The parse_die function in dwarf1.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (integer overflow and application\n crash) via an ELF file with corrupt dwarf1 debug\n information, as demonstrated by nm.(CVE-2018-7568)\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as\n demonstrated by objcopy.(CVE-2018-7642)\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by\n readelf.(CVE-2018-10372)\n\n - In the coff_pointerize_aux function in coffgen.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, an index is not\n validated, which allows remote attackers to cause a\n denial of service (segmentation fault) or possibly have\n unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF\n object.(CVE-2018-7208)\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a ''SECTION'' type that has a ''0'' value, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by\n objcopy.(CVE-2018-10535)\n\n - The display_debug_ranges function in dwarf.c in GNU\n Binutils 2.30 allows remote attackers to cause a denial\n of service (integer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n ELF file, as demonstrated by objdump.(CVE-2018-7643)\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute section.(CVE-2018-8945)\n\n - dwarf2.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.30,\n allows remote attackers to cause a denial of service\n (integer underflow or overflow, and application crash)\n via an ELF file with a corrupt DWARF FORM block, as\n demonstrated by nm.(CVE-2018-7569)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1377\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e158241\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:54:20", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-10T00:00:00", "title": "EulerOS 2.0 SP3 : binutils (EulerOS-SA-2018-1400)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2018-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1400.NASL", "href": "https://www.tenable.com/plugins/nessus/119528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119528);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : binutils (EulerOS-SA-2018-1400)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1400\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebfc277a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8945\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.25.1-22.base.h17\",\n \"binutils-devel-2.25.1-22.base.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:25", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-28T00:00:00", "title": "EulerOS 2.0 SP2 : binutils (EulerOS-SA-2018-1426)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2018-12-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1426.NASL", "href": "https://www.tenable.com/plugins/nessus/119915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119915);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : binutils (EulerOS-SA-2018-1426)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1426\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9d4c1df\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.25.1-22.base.h14\",\n \"binutils-devel-2.25.1-22.base.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T01:18:36", "description": "An integer wraparound has been discovered in the Binary File\nDescriptor (BFD) library distributed in GNU Binutils up to version\n2.30. An attacker could cause a crash by providing an ELF file with\ncorrupted DWARF debug information.(CVE-2018-7568)\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor\n(BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does\nnot validate the output_section pointer in the case of a symtab entry\nwith a 'SECTION' type that has a '0' value, which allows remote\nattackers to cause a denial of service (NULL pointer dereference and\napplication crash) via a crafted file, as demonstrated by\nobjcopy.(CVE-2018-10535)\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30\nallows remote attackers to cause a denial of service (integer overflow\nand application crash) or possibly have unspecified other impact via a\ncrafted ELF file, as demonstrated by objdump.(CVE-2018-7643)\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD)\nlibrary (aka libbfd), as distributed in GNU Binutils 2.30, allows\nremote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted binary file, as\ndemonstrated by nm-new.(CVE-2018-10373)\n\nThe elf_object_p function in elfcode.h in the Binary File Descriptor\n(BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has\nan unsigned integer overflow because bfd_size_type multiplication is\nnot used. A crafted ELF file allows remote attackers to cause a denial\nof service (application crash) or possibly have unspecified other\nimpact.(CVE-2018-6323)\n\nAn integer wraparound has been discovered in the Binary File\nDescriptor (BFD) library distributed in GNU Binutils up to version\n2.30. An attacker could cause a crash by providing an ELF file with\ncorrupted DWARF debug information.(CVE-2018-7569)\n\nThe Binary File Descriptor (BFD) library (aka libbfd), as distributed\nin GNU Binutils 2.30, allows remote attackers to cause a denial of\nservice (excessive memory allocation and application crash) via a\ncrafted ELF file, as demonstrated by _bfd_elf_parse_attributes in\nelf-attrs.c and bfd_malloc in libbfd.c. This can occur during\nexecution of nm.(CVE-2018-13033)\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted binary file, as demonstrated by\nreadelf.(CVE-2018-10372)\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File\nDescriptor (BFD) library (aka libbfd), as distributed in GNU Binutils\n2.30, an index is not validated, which allows remote attackers to\ncause a denial of service (segmentation fault) or possibly have\nunspecified other impact via a crafted file, as demonstrated by\nobjcopy of a COFF object.(CVE-2018-7208)", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-10T00:00:00", "title": "Amazon Linux 2 : binutils (ALAS-2019-1138)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7208", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:binutils-debuginfo", "p-cpe:/a:amazon:linux:binutils-devel", "p-cpe:/a:amazon:linux:binutils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1138.NASL", "href": "https://www.tenable.com/plugins/nessus/121047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1138.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121047);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10535\", \"CVE-2018-13033\", \"CVE-2018-6323\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7643\");\n script_xref(name:\"ALAS\", value:\"2019-1138\");\n\n script_name(english:\"Amazon Linux 2 : binutils (ALAS-2019-1138)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer wraparound has been discovered in the Binary File\nDescriptor (BFD) library distributed in GNU Binutils up to version\n2.30. An attacker could cause a crash by providing an ELF file with\ncorrupted DWARF debug information.(CVE-2018-7568)\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor\n(BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does\nnot validate the output_section pointer in the case of a symtab entry\nwith a 'SECTION' type that has a '0' value, which allows remote\nattackers to cause a denial of service (NULL pointer dereference and\napplication crash) via a crafted file, as demonstrated by\nobjcopy.(CVE-2018-10535)\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30\nallows remote attackers to cause a denial of service (integer overflow\nand application crash) or possibly have unspecified other impact via a\ncrafted ELF file, as demonstrated by objdump.(CVE-2018-7643)\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD)\nlibrary (aka libbfd), as distributed in GNU Binutils 2.30, allows\nremote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted binary file, as\ndemonstrated by nm-new.(CVE-2018-10373)\n\nThe elf_object_p function in elfcode.h in the Binary File Descriptor\n(BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has\nan unsigned integer overflow because bfd_size_type multiplication is\nnot used. A crafted ELF file allows remote attackers to cause a denial\nof service (application crash) or possibly have unspecified other\nimpact.(CVE-2018-6323)\n\nAn integer wraparound has been discovered in the Binary File\nDescriptor (BFD) library distributed in GNU Binutils up to version\n2.30. An attacker could cause a crash by providing an ELF file with\ncorrupted DWARF debug information.(CVE-2018-7569)\n\nThe Binary File Descriptor (BFD) library (aka libbfd), as distributed\nin GNU Binutils 2.30, allows remote attackers to cause a denial of\nservice (excessive memory allocation and application crash) via a\ncrafted ELF file, as demonstrated by _bfd_elf_parse_attributes in\nelf-attrs.c and bfd_malloc in libbfd.c. This can occur during\nexecution of nm.(CVE-2018-13033)\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted binary file, as demonstrated by\nreadelf.(CVE-2018-10372)\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File\nDescriptor (BFD) library (aka libbfd), as distributed in GNU Binutils\n2.30, an index is not validated, which allows remote attackers to\ncause a denial of service (segmentation fault) or possibly have\nunspecified other impact via a crafted file, as demonstrated by\nobjcopy of a COFF object.(CVE-2018-7208)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1138.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update binutils' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"binutils-2.29.1-27.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"binutils-debuginfo-2.29.1-27.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"binutils-devel-2.29.1-27.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo / binutils-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:55:12", "description": "According to the versions of the binutils package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information.i1/4^CVE-2018-7568i1/4%0\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information.i1/4^CVE-2018-7569i1/4%0\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as\n demonstrated by objcopy.i1/4^CVE-2018-7642i1/4%0\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute\n section.i1/4^CVE-2018-8945i1/4%0\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by\n readelf.i1/4^CVE-2018-10372i1/4%0\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new.i1/4^CVE-2018-10373i1/4%0\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function\n in peXXigen.c in the Binary File Descriptor (BFD)\n library (aka libbfd), as distributed in GNU Binutils\n 2.30, processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c.i1/4^CVE-2018-10534i1/4%0\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a 'SECTION' type that has a '0' value, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by\n objcopy.i1/4^CVE-2018-10535i1/4%0\n\n - The _bfd_elf_parse_attributes function in elf-attrs.c\n in the Binary File Descriptor (BFD) library (aka\n libbfd), as distributed in GNU Binutils 2.29, allows\n remote attackers to cause a denial of service\n (_bfd_elf_attr_strdup heap-based buffer over-read and\n application crash) via a crafted ELF\n file.i1/4^CVE-2017-14130i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-09T00:00:00", "title": "EulerOS Virtualization 2.5.4 : binutils (EulerOS-SA-2019-1219)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:2.5.4", "p-cpe:/a:huawei:euleros:binutils"], "id": "EULEROS_SA-2019-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/123905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123905);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14130\",\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : binutils (EulerOS-SA-2019-1219)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information.i1/4^CVE-2018-7568i1/4%0\n\n - An integer wraparound has been discovered in the Binary\n File Descriptor (BFD) library distributed in GNU\n Binutils up to version 2.30. An attacker could cause a\n crash by providing an ELF file with corrupted DWARF\n debug information.i1/4^CVE-2018-7569i1/4%0\n\n - The swap_std_reloc_in function in aoutx.h in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service\n (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as\n demonstrated by objcopy.i1/4^CVE-2018-7642i1/4%0\n\n - The bfd_section_from_shdr function in elf.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, allows remote\n attackers to cause a denial of service (segmentation\n fault) via a large attribute\n section.i1/4^CVE-2018-8945i1/4%0\n\n - process_cu_tu_index in dwarf.c in GNU Binutils 2.30\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted binary file, as demonstrated by\n readelf.i1/4^CVE-2018-10372i1/4%0\n\n - concat_filename in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.30, allows remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a crafted binary file, as\n demonstrated by nm-new.i1/4^CVE-2018-10373i1/4%0\n\n - The _bfd_XX_bfd_copy_private_bfd_data_common function\n in peXXigen.c in the Binary File Descriptor (BFD)\n library (aka libbfd), as distributed in GNU Binutils\n 2.30, processes a negative Data Directory size with an\n unbounded loop that increases the value of\n (external_IMAGE_DEBUG_DIRECTORY) *edd so that the\n address exceeds its own memory region, resulting in an\n out-of-bounds memory write, as demonstrated by objcopy\n copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in\n pex64igen.c.i1/4^CVE-2018-10534i1/4%0\n\n - The ignore_section_sym function in elf.c in the Binary\n File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.30, does not validate the\n output_section pointer in the case of a symtab entry\n with a 'SECTION' type that has a '0' value, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by\n objcopy.i1/4^CVE-2018-10535i1/4%0\n\n - The _bfd_elf_parse_attributes function in elf-attrs.c\n in the Binary File Descriptor (BFD) library (aka\n libbfd), as distributed in GNU Binutils 2.29, allows\n remote attackers to cause a denial of service\n (_bfd_elf_attr_strdup heap-based buffer over-read and\n application crash) via a crafted ELF\n file.i1/4^CVE-2017-14130i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1219\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7399cf17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:30", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\n - binutils: integer overflow leads to heap-based buffer\n overflow in objdump(CVE-2018-1000876)\n\n - binutils: bfd_elf_attr_strdup heap-based buffer\n over-read and application crash(CVE-2017-14130)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-14T00:00:00", "title": "EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-1019)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2019-02-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/122166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122166);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14130\",\n \"CVE-2018-1000876\",\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-1019)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\n - binutils: integer overflow leads to heap-based buffer\n overflow in objdump(CVE-2018-1000876)\n\n - binutils: bfd_elf_attr_strdup heap-based buffer\n over-read and application crash(CVE-2017-14130)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3aa3417\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h12.eulerosv2r7\",\n \"binutils-devel-2.27-28.base.1.h12.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191377", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1377)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1377\");\n script_version(\"2020-01-23T11:40:46+0000\");\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:40:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:40:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1377)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1377\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1377\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1377 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.(CVE-2018-10373)\n\nThe _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.(CVE-2018-10534)\n\nThe parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.(CVE-2018-7568)\n\nThe swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.(CVE-2018-7642)\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.(CVE-2018-10372)\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a ''SECTION'' type that has a ''0'' value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.(CVE-2018-10535)\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h15\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181426", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1426\");\n script_version(\"2020-01-23T11:26:00+0000\");\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:26:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1426\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1426\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1426 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h14\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h14\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181400", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1400\");\n script_version(\"2020-01-23T11:24:45+0000\");\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1400\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1400\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1400 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191219", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1219)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1219\");\n script_version(\"2020-01-23T11:35:09+0000\");\n script_cve_id(\"CVE-2017-14130\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1219)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1219\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1219\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1219 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7569\n\nThe swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.CVE-2018-7642\n\nThe bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.CVE-2018-8945\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.CVE-2018-10372\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.CVE-2018-10373\n\nThe _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.CVE-2018-10534\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.CVE-2018-10535\n\nThe _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descri ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h11\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191019", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1019)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1019\");\n script_version(\"2020-01-23T11:27:40+0000\");\n script_cve_id(\"CVE-2017-14130\", \"CVE-2018-1000876\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:27:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:27:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1019)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1019\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1019\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1019 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\nbinutils: integer overflow leads to heap-based buffer overflow in objdump(CVE-2018-1000876)\n\nbinutils: bfd_elf_attr_strdup heap-based buffer over-read and application crash(CVE-2017-14130)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h12.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.27~28.base.1.h12.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2017-16830", "CVE-2018-10534", "CVE-2018-7570", "CVE-2018-7569", "CVE-2017-16828", "CVE-2018-6872", "CVE-2017-16826", "CVE-2018-6543", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-6323", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-15938", "CVE-2017-16832", "CVE-2018-10535", "CVE-2017-15939", "CVE-2017-16827", "CVE-2017-15996", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852051", "type": "openvas", "title": "openSUSE: Security Advisory for binutils (openSUSE-SU-2018:3323-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852051\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2017-15938\", \"CVE-2017-15939\", \"CVE-2017-15996\", \"CVE-2017-16826\", \"CVE-2017-16827\", \"CVE-2017-16828\", \"CVE-2017-16829\", \"CVE-2017-16830\", \"CVE-2017-16831\", \"CVE-2017-16832\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-6323\", \"CVE-2018-6543\", \"CVE-2018-6759\", \"CVE-2018-6872\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7570\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:38:06 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for binutils (openSUSE-SU-2018:3323-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3323-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00049.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'binutils'\n package(s) announced via the openSUSE-SU-2018:3323-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for binutils to version 2.31 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-15996: readelf allowed remote attackers to cause a denial of\n service (excessive memory allocation) or possibly have unspecified other\n impact via a crafted ELF file that triggered a buffer overflow on fuzzed\n archive header (bsc#1065643)\n\n - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)\n mishandled NULL files in a .debug_line file table, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted ELF file, related to concat_filename\n (bsc#1065689)\n\n - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)\n miscalculated DW_FORM_ref_addr die refs in the case of a relocatable\n object file, which allowed remote attackers to cause a denial of service\n (find_abstract_instance_name invalid memory read, segmentation fault,\n and application crash) (bsc#1065693)\n\n - CVE-2017-16826: The coff_slurp_line_table function the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (invalid memory access and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068640)\n\n - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate size and offset\n values in the data dictionary, which allowed remote attackers to cause a\n denial of service (segmentation violation and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068643)\n\n - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did\n not validate the symbol count, which allowed remote attackers to cause a\n denial of service (integer overflow and application crash, or excessive\n memory allocation) or possibly have unspecified other impact via a\n crafted PE file (bsc#1068887)\n\n - CVE-2017-16830: The print_gnu_property_note function did not have\n integer-overflow protection on 32-bit platforms, which allowed remote\n attackers to cause a denial of service (segmentation violation and\n application crash) or possibly have unspecified other impact via a\n crafted ELF file (bsc#1068888)\n\n - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary\n File Descriptor (BFD) library (aka libbfd) did not prevent negative\n pointers, which allowed remote attackers to cause a denial of service\n (out-of-bounds read and application crash) or possibly have unspecified\n other impact via a crafted ELF file ( ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"binutils on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debuginfo\", rpm:\"binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debugsource\", rpm:\"binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold\", rpm:\"binutils-gold~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold-debuginfo\", rpm:\"binutils-gold-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel-32bit\", rpm:\"binutils-devel-32bit~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils\", rpm:\"cross-aarch64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils-debuginfo\", rpm:\"cross-aarch64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils-debugsource\", rpm:\"cross-aarch64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils\", rpm:\"cross-arm-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils-debuginfo\", rpm:\"cross-arm-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils-debugsource\", rpm:\"cross-arm-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils\", rpm:\"cross-avr-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils-debuginfo\", rpm:\"cross-avr-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils-debugsource\", rpm:\"cross-avr-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils\", rpm:\"cross-epiphany-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils-debuginfo\", rpm:\"cross-epiphany-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils-debugsource\", rpm:\"cross-epiphany-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils\", rpm:\"cross-hppa-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils-debuginfo\", rpm:\"cross-hppa-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils-debugsource\", rpm:\"cross-hppa-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils\", rpm:\"cross-hppa64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils-debuginfo\", rpm:\"cross-hppa64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils-debugsource\", rpm:\"cross-hppa64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils\", rpm:\"cross-i386-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils-debuginfo\", rpm:\"cross-i386-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils-debugsource\", rpm:\"cross-i386-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils\", rpm:\"cross-ia64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils-debuginfo\", rpm:\"cross-ia64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils-debugsource\", rpm:\"cross-ia64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils\", rpm:\"cross-m68k-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils-debuginfo\", rpm:\"cross-m68k-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils-debugsource\", rpm:\"cross-m68k-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils\", rpm:\"cross-mips-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils-debuginfo\", rpm:\"cross-mips-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils-debugsource\", rpm:\"cross-mips-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils\", rpm:\"cross-ppc-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils-debuginfo\", rpm:\"cross-ppc-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils-debugsource\", rpm:\"cross-ppc-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils\", rpm:\"cross-ppc64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils-debuginfo\", rpm:\"cross-ppc64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils-debugsource\", rpm:\"cross-ppc64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils\", rpm:\"cross-ppc64le-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils-debuginfo\", rpm:\"cross-ppc64le-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils-debugsource\", rpm:\"cross-ppc64le-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils\", rpm:\"cross-riscv64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils-debuginfo\", rpm:\"cross-riscv64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils-debugsource\", rpm:\"cross-riscv64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils\", rpm:\"cross-rx-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils-debuginfo\", rpm:\"cross-rx-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils-debugsource\", rpm:\"cross-rx-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils\", rpm:\"cross-s390-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils-debuginfo\", rpm:\"cross-s390-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils-debugsource\", rpm:\"cross-s390-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils\", rpm:\"cross-s390x-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils-debuginfo\", rpm:\"cross-s390x-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils-debugsource\", rpm:\"cross-s390x-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils\", rpm:\"cross-sparc-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils-debuginfo\", rpm:\"cross-sparc-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils-debugsource\", rpm:\"cross-sparc-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils\", rpm:\"cross-sparc64-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils-debuginfo\", rpm:\"cross-sparc64-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils-debugsource\", rpm:\"cross-sparc64-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils\", rpm:\"cross-spu-binutils~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils-debuginfo\", rpm:\"cross-spu-binutils-debuginfo~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils-debugsource\", rpm:\"cross-spu-binutils-debugsource~2.31~lp150.5.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7208", "CVE-2018-7643"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181099", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1099)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1099\");\n script_version(\"2020-01-23T11:12:36+0000\");\n script_cve_id(\"CVE-2018-7208\", \"CVE-2018-7643\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1099)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1099\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1099\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1099 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.23.52.0.1~55.h12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.23.52.0.1~55.h12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7208", "CVE-2018-7643"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181154", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1154)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1154\");\n script_version(\"2020-01-23T11:15:27+0000\");\n script_cve_id(\"CVE-2018-7208\", \"CVE-2018-7643\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:15:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:15:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1154)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1154\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1154\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1154 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643)\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7208", "CVE-2018-7643"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181098", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1098)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1098\");\n script_version(\"2020-01-23T11:12:34+0000\");\n script_cve_id(\"CVE-2018-7208\", \"CVE-2018-7643\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1098)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1098\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1098\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1098 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.23.52.0.1~55.h12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.23.52.0.1~55.h12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8501", "CVE-2014-8485", "CVE-2018-7642", "CVE-2018-7208", "CVE-2017-15020", "CVE-2014-8504", "CVE-2018-19932", "CVE-2014-8738", "CVE-2014-8737", "CVE-2018-7569", "CVE-2017-16828", "CVE-2017-16826", "CVE-2018-7568", "CVE-2014-8484", "CVE-2017-16831", "CVE-2018-7643", "CVE-2014-8502", "CVE-2017-16827", "CVE-2014-8503", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191431", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1431)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1431\");\n script_version(\"2020-01-23T11:45:28+0000\");\n script_cve_id(\"CVE-2014-8484\", \"CVE-2014-8485\", \"CVE-2014-8501\", \"CVE-2014-8502\", \"CVE-2014-8503\", \"CVE-2014-8504\", \"CVE-2014-8737\", \"CVE-2014-8738\", \"CVE-2017-15020\", \"CVE-2017-16826\", \"CVE-2017-16827\", \"CVE-2017-16828\", \"CVE-2017-16831\", \"CVE-2018-19932\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:45:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:45:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1431)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1431\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1431\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1431 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7568)\n\nA stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.(CVE-2014-8501)\n\nThe coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.(CVE-2017-16826)\n\nIt was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.(CVE-2014-8502)\n\nA directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities.(CVE-2014-8737)\n\nThe bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.(CVE-2018-8945)\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)\n\ndwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.(CVE-2017-15020)\n\nA buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted f ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h15\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7208", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373"], "description": "**Issue Overview:**\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.([CVE-2018-7568 __](<https://access.redhat.com/security/cve/CVE-2018-7568>))\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a &quot;SECTION&quot; type that has a &quot;0&quot; value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.([CVE-2018-10535 __](<https://access.redhat.com/security/cve/CVE-2018-10535>))\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.([CVE-2018-7643 __](<https://access.redhat.com/security/cve/CVE-2018-7643>))\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.([CVE-2018-10373 __](<https://access.redhat.com/security/cve/CVE-2018-10373>))\n\nThe elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.([CVE-2018-6323 __](<https://access.redhat.com/security/cve/CVE-2018-6323>))\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.([CVE-2018-7569 __](<https://access.redhat.com/security/cve/CVE-2018-7569>))\n\nThe Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.([CVE-2018-13033 __](<https://access.redhat.com/security/cve/CVE-2018-13033>))\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.([CVE-2018-10372 __](<https://access.redhat.com/security/cve/CVE-2018-10372>))\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.([CVE-2018-7208 __](<https://access.redhat.com/security/cve/CVE-2018-7208>))\n\n \n**Affected Packages:** \n\n\nbinutils\n\n \n**Issue Correction:** \nRun _yum update binutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n binutils-2.29.1-27.amzn2.0.1.aarch64 \n binutils-devel-2.29.1-27.amzn2.0.1.aarch64 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64 \n \n i686: \n binutils-2.29.1-27.amzn2.0.1.i686 \n binutils-devel-2.29.1-27.amzn2.0.1.i686 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.i686 \n \n src: \n binutils-2.29.1-27.amzn2.0.1.src \n \n x86_64: \n binutils-2.29.1-27.amzn2.0.1.x86_64 \n binutils-devel-2.29.1-27.amzn2.0.1.x86_64 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-01-07T21:47:00", "published": "2019-01-07T21:47:00", "id": "ALAS2-2019-1138", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1138.html", "title": "Low: binutils", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:52:23", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-29T15:29:00", "title": "CVE-2018-10534", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10534"], "modified": "2019-08-03T13:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-10534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:23", "description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-25T09:29:00", "title": "CVE-2018-10373", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10373"], "modified": "2019-08-03T13:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-10373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10373", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:27", "description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-01T16:29:00", "title": "CVE-2018-13033", "type": "cve", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13033"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-13033", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13033", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:23", "description": "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-25T09:29:00", "title": "CVE-2018-10372", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10372"], "modified": "2019-08-03T13:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-10372", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10372", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:23", "description": "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-29T15:29:00", "title": "CVE-2018-10535", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10535"], "modified": "2019-08-03T13:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-10535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:42", "description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-28T21:29:00", "title": "CVE-2018-7569", "type": "cve", "cwe": ["CWE-190", "CWE-191"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7569"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-7569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7569", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:42", "description": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-02T15:29:00", "title": "CVE-2018-7643", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7643"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-7643", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7643", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:42", "description": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-02T15:29:00", "title": "CVE-2018-7642", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7642"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-7642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7642", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:42", "description": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-28T21:29:00", "title": "CVE-2018-7568", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7568"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-7568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7568", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:41", "description": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-18T04:29:00", "title": "CVE-2018-7208", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7208"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-7208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7208", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2018-10-23T16:31:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2017-16830", "CVE-2018-10534", "CVE-2018-7570", "CVE-2018-7569", "CVE-2017-16828", "CVE-2018-6872", "CVE-2017-16826", "CVE-2018-6543", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-6323", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-15938", "CVE-2017-16832", "CVE-2018-10535", "CVE-2017-15939", "CVE-2017-16827", "CVE-2017-15996", "CVE-2018-10373", "CVE-2018-8945"], "description": "This update for binutils to version 2.31 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-15996: readelf allowed remote attackers to cause a denial of\n service (excessive memory allocation) or possibly have unspecified other\n impact via a crafted ELF file that triggered a buffer overflow on fuzzed\n archive header (bsc#1065643)\n - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)\n mishandled NULL files in a .debug_line file table, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted ELF file, related to concat_filename\n (bsc#1065689)\n - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)\n miscalculated DW_FORM_ref_addr die refs in the case of a relocatable\n object file, which allowed remote attackers to cause a denial of service\n (find_abstract_instance_name invalid memory read, segmentation fault,\n and application crash) (bsc#1065693)\n - CVE-2017-16826: The coff_slurp_line_table function the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (invalid memory access and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068640)\n - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate size and offset\n values in the data dictionary, which allowed remote attackers to cause a\n denial of service (segmentation violation and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068643)\n - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did\n not validate the symbol count, which allowed remote attackers to cause a\n denial of service (integer overflow and application crash, or excessive\n memory allocation) or possibly have unspecified other impact via a\n crafted PE file (bsc#1068887)\n - CVE-2017-16830: The print_gnu_property_note function did not have\n integer-overflow protection on 32-bit platforms, which allowed remote\n attackers to cause a denial of service (segmentation violation and\n application crash) or possibly have unspecified other impact via a\n crafted ELF file (bsc#1068888)\n - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary\n File Descriptor (BFD) library (aka libbfd) did not prevent negative\n pointers, which allowed remote attackers to cause a denial of service\n (out-of-bounds read and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1068950)\n - CVE-2017-16828: The display_debug_frames function allowed remote\n attackers to cause a denial of service (integer overflow and heap-based\n buffer over-read, and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1069176)\n - CVE-2017-16827: The aout_get_external_symbols function in the Binary\n File Descriptor (BFD) library (aka libbfd) allowed remote attackers to\n cause a denial of service (slurp_symtab invalid free and application\n crash) or possibly have unspecified other impact via a crafted ELF file\n (bsc#1069202)\n - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) had an unsigned integer overflow because\n bfd_size_type multiplication is not used. A crafted ELF file allowed\n remote attackers to cause a denial of service (application crash) or\n possibly have unspecified\n other impact (bsc#1077745)\n - CVE-2018-6543: Prevent integer overflow in the function\n load_specific_debug_section() which resulted in `malloc()` with 0 size.\n A crafted ELF file allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact\n (bsc#1079103)\n - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File\n Descriptor (BFD) library (aka libbfd) had an unchecked strnlen\n operation. Remote attackers could have leveraged this vulnerability to\n cause a denial of service (segmentation fault) via a crafted ELF file\n (bsc#1079741)\n - CVE-2018-6872: The elf_parse_notes function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (out-of-bounds read and segmentation violation) via\n a note with a large alignment (bsc#1080556)\n - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File\n Descriptor (BFD) library (aka libbfd) an index was not validated, which\n allowed remote attackers to cause a denial of service (segmentation\n fault) or possibly have unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object (bsc#1081527)\n - CVE-2018-7570: The assign_file_positions_for_non_load_sections function\n in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via an ELF file with a RELRO segment that lacks a\n matching LOAD segment, as demonstrated by objcopy (bsc#1083528)\n - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd)\n allowed remote attackers to cause a denial of service (integer underflow\n or overflow, and application crash) via an ELF file with a corrupt DWARF\n FORM block, as demonstrated by nm (bsc#1083532)\n - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (segmentation fault) via a large attribute section\n (bsc#1086608)\n - CVE-2018-7643: The display_debug_ranges function allowed remote\n attackers to cause a denial of service (integer overflow and application\n crash) or possibly have unspecified other impact via a crafted ELF file,\n as demonstrated by\n objdump (bsc#1086784)\n - CVE-2018-7642: The swap_std_reloc_in function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as demonstrated by\n objcopy (bsc#1086786)\n - CVE-2018-7568: The parse_die function in the Binary File Descriptor\n (BFD) library (aka libbfd) allowed remote attackers to cause a denial of\n service (integer overflow and application crash) via an ELF file with\n corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788)\n - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD)\n library (aka libbfd) allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash) via a crafted\n binary file, as demonstrated by nm-new (bsc#1090997)\n - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted binary file, as demonstrated by readelf (bsc#1091015)\n - CVE-2018-10535: The ignore_section_sym function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate the\n output_section pointer in the case of a symtab entry with a &quot;SECTION&quot;\n type that has a &quot;0&quot; value, which allowed remote attackers to cause a\n denial of service (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by objcopy (bsc#1091365)\n - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in\n the Binary File Descriptor (BFD) library (aka libbfd) processesed a\n negative Data Directory size with an unbounded loop that increased the\n value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address\n exceeded its own memory region, resulting in an out-of-bounds memory\n write, as demonstrated by\n objcopy copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368)\n\n These non-security issues were fixed:\n\n - The AArch64 port now supports showing disassembly notes which are\n emitted when inconsistencies are found with the instruction that may\n result in the instruction being invalid. These can be turned on with\n the option -M notes to objdump.\n - The AArch64 port now emits warnings when a combination of an instruction\n and a named register could be invalid.\n - Added O modifier to ar to display member offsets inside an archive\n - The ADR and ADRL pseudo-instructions supported by the ARM assembler now\n only set the bottom bit of the address of thumb function symbols if the\n -mthumb-interwork command line option is active.\n - Add --generate-missing-build-notes=[yes|no] option to create (or not)\n GNU Build Attribute notes if none are present in the input sources. Add\n a\n --enable-generate-build-notes=[yes|no] configure time option to set the\n default behaviour. Set the default if the configure option is not used\n to &quot;no&quot;.\n - Remove -mold-gcc command-line option for x86 targets.\n - Add -O[2|s] command-line options to x86 assembler to enable alternate\n shorter instruction encoding.\n - Add support for .nops directive. It is currently supported only for x86\n targets.\n - Speed up direct linking with DLLs for Cygwin and Mingw targets.\n - Add a configure option --enable-separate-code to decide whether\n -z separate-code should be enabled in ELF linker by default. Default to\n yes for Linux/x86 targets. Note that -z separate-code can increase\n disk and memory size.\n - RISC-V: Fix symbol address problem with versioned symbols\n - Restore riscv64-elf cross prefix via symlinks\n - Fix pacemaker libqb problem with section start/stop symbols\n - RISC-V: Don't enable relaxation in relocatable link\n - Prevent linking faiures on i386 with assertion (bsc#1085784)\n - Fix symbol size bug when relaxation deletes bytes\n - Add --debug-dump=links option to readelf and --dwarf=links option to\n objdump which displays the contents of any .gnu_debuglink or\n .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to\n readelf and a --dwarf=follow-links\n option to objdump which causes indirect links into separate debug info\n files to be followed when dumping other DWARF sections.\n - Add support for loaction views in DWARF debug line information.\n - Add -z separate-code to generate separate code PT_LOAD segment.\n - Add &quot;-z undefs&quot; command line option as the inverse of the &quot;-z defs&quot;\n option.\n - Add -z globalaudit command line option to force audit libraries to be\n run for every dynamic object loaded by an executable - provided that the\n loader supports this functionality.\n - Tighten linker script grammar around file name specifiers to prevent the\n use\n of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These\n would previously be accepted but had no effect.\n - The EXCLUDE_FILE directive can now be placed within any SORT_* directive\n within input section lists.\n - Fix linker relaxation with --wrap\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-23T15:22:34", "published": "2018-10-23T15:22:34", "id": "OPENSUSE-SU-2018:3323-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00049.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-10-31T04:09:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n - riscv: Don't check ABI flags if no code section\n - Fixed a segfault in ld when building some versions of pacemaker\n (bsc#1154025, bsc#1154016).\n - Add avr, epiphany and rx to target_list so that the common binutils can\n handle all objects we can create with crosses (bsc#1152590).\n\n Update to binutils 2.32:\n\n * The binutils now support for the C-SKY processor series.\n * The x86 assembler now supports a -mvexwig=[0|1] option to control\n encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\n notes.\n * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\n Loongson EXTensions (EXT) instructions, the Loongson Content Address\n Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n (MMI) ASE.\n * The addr2line, c++filt, nm and objdump tools now have a default limit on\n the maximum amount of recursion that is allowed whilst demangling\n strings. This limit can be disabled if necessary.\n * Objdump's --disassemble option can now take a parameter, specifying the\n starting symbol for disassembly. Disassembly will continue from this\n symbol up to the next symbol or the end of the function.\n * The BFD linker will now report property change in linker map file when\n merging GNU properties.\n * The BFD linker's -t option now doesn't report members within archives,\n unless -t is given twice. This makes it more useful when generating a\n list of files that should be packaged for a linker bug report.\n * The GOLD linker has improved warning messages for relocations that refer\n to discarded sections.\n\n - Improve relro support on s390 [fate#326356]\n - Fix broken debug symbols (bsc#1118644)\n - Handle ELF compressed header alignment correctly.\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-31T00:14:06", "published": "2019-10-31T00:14:06", "id": "OPENSUSE-SU-2019:2415-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T00:01:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n - riscv: Don't check ABI flags if no code section\n - Fixed a segfault in ld when building some versions of pacemaker\n (bsc#1154025, bsc#1154016).\n - Add avr, epiphany and rx to target_list so that the common binutils can\n handle all objects we can create with crosses (bsc#1152590).\n\n Update to binutils 2.32:\n\n * The binutils now support for the C-SKY processor series.\n * The x86 assembler now supports a -mvexwig=[0|1] option to control\n encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\n notes.\n * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\n Loongson EXTensions (EXT) instructions, the Loongson Content Address\n Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n (MMI) ASE.\n * The addr2line, c++filt, nm and objdump tools now have a default limit on\n the maximum amount of recursion that is allowed whilst demangling\n strings. This limit can be disabled if necessary.\n * Objdump's --disassemble option can now take a parameter, specifying the\n starting symbol for disassembly. Disassembly will continue from this\n symbol up to the next symbol or the end of the function.\n * The BFD linker will now report property change in linker map file when\n merging GNU properties.\n * The BFD linker's -t option now doesn't report members within archives,\n unless -t is given twice. This makes it more useful when generating a\n list of files that should be packaged for a linker bug report.\n * The GOLD linker has improved warning messages for relocations that refer\n to discarded sections.\n\n - Improve relro support on s390 [fate#326356]\n - Fix broken debug symbols (bsc#1118644)\n - Handle ELF compressed header alignment correctly.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-11-05T21:18:30", "published": "2019-11-05T21:18:30", "id": "OPENSUSE-SU-2019:2432-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-10-18T20:30:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9755", "CVE-2018-7642", "CVE-2018-7208", "CVE-2017-7223", "CVE-2017-16830", "CVE-2018-10534", "CVE-2018-7570", "CVE-2017-7299", "CVE-2017-9746", "CVE-2017-7300", "CVE-2018-7569", "CVE-2017-8396", "CVE-2017-16828", "CVE-2017-8394", "CVE-2018-6872", "CVE-2017-7224", "CVE-2017-16826", "CVE-2017-7303", "CVE-2018-6543", "CVE-2018-10372", "CVE-2017-9750", "CVE-2017-9756", "CVE-2017-7302", "CVE-2017-9748", "CVE-2014-9939", "CVE-2018-7568", "CVE-2017-6966", "CVE-2017-7225", "CVE-2018-6323", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-15938", "CVE-2017-8393", "CVE-2017-16832", "CVE-2017-8392", "CVE-2017-7301", "CVE-2017-6965", "CVE-2018-10535", "CVE-2017-7210", "CVE-2017-15939", "CVE-2017-7304", "CVE-2017-16827", "CVE-2017-7209", "CVE-2017-7226", "CVE-2017-15996", "CVE-2017-9747", "CVE-2018-10373", "CVE-2017-8421", "CVE-2017-6969", "CVE-2018-8945"], "description": "This update for binutils to 2.31 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-15996: readelf allowed remote attackers to cause a denial of\n service (excessive memory allocation) or possibly have unspecified other\n impact via a crafted ELF file that triggered a buffer overflow on fuzzed\n archive header (bsc#1065643).\n - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)\n mishandled NULL files in a .debug_line file table, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted ELF file, related to concat_filename\n (bsc#1065689).\n - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)\n miscalculated DW_FORM_ref_addr die refs in the case of a relocatable\n object file, which allowed remote attackers to cause a denial of service\n (find_abstract_instance_name invalid memory read, segmentation fault,\n and application crash) (bsc#1065693).\n - CVE-2017-16826: The coff_slurp_line_table function the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (invalid memory access and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068640).\n - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate size and offset\n values in the data dictionary, which allowed remote attackers to cause a\n denial of service (segmentation violation and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068643).\n - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did\n not validate the symbol count, which allowed remote attackers to cause a\n denial of service (integer overflow and application crash, or excessive\n memory allocation) or possibly have unspecified other impact via a\n crafted PE file (bsc#1068887).\n - CVE-2017-16830: The print_gnu_property_note function did not have\n integer-overflow protection on 32-bit platforms, which allowed remote\n attackers to cause a denial of service (segmentation violation and\n application crash) or possibly have unspecified other impact via a\n crafted ELF file (bsc#1068888).\n - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary\n File Descriptor (BFD) library (aka libbfd) did not prevent negative\n pointers, which allowed remote attackers to cause a denial of service\n (out-of-bounds read and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1068950).\n - CVE-2017-16828: The display_debug_frames function allowed remote\n attackers to cause a denial of service (integer overflow and heap-based\n buffer over-read, and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1069176).\n - CVE-2017-16827: The aout_get_external_symbols function in the Binary\n File Descriptor (BFD) library (aka libbfd) allowed remote attackers to\n cause a denial of service (slurp_symtab invalid free and application\n crash) or possibly have unspecified other impact via a crafted ELF file\n (bsc#1069202).\n - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) had an unsigned integer overflow because\n bfd_size_type multiplication is not used. A crafted ELF file allowed\n remote attackers to cause a denial of service (application crash) or\n possibly have unspecified\n other impact (bsc#1077745).\n - CVE-2018-6543: Prevent integer overflow in the function\n load_specific_debug_section() which resulted in `malloc()` with 0 size.\n A crafted ELF file allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact\n (bsc#1079103).\n - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File\n Descriptor (BFD) library (aka libbfd) had an unchecked strnlen\n operation. Remote attackers could have leveraged this vulnerability to\n cause a denial of service (segmentation fault) via a crafted ELF file\n (bsc#1079741).\n - CVE-2018-6872: The elf_parse_notes function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (out-of-bounds read and segmentation violation) via\n a note with a large alignment (bsc#1080556).\n - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File\n Descriptor (BFD) library (aka libbfd) an index was not validated, which\n allowed remote attackers to cause a denial of service (segmentation\n fault) or possibly have unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object (bsc#1081527).\n - CVE-2018-7570: The assign_file_positions_for_non_load_sections function\n in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via an ELF file with a RELRO segment that lacks a\n matching LOAD segment, as demonstrated by objcopy (bsc#1083528).\n - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd)\n allowed remote attackers to cause a denial of service (integer underflow\n or overflow, and application crash) via an ELF file with a corrupt DWARF\n FORM block, as demonstrated by nm (bsc#1083532).\n - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (segmentation fault) via a large attribute section\n (bsc#1086608).\n - CVE-2018-7643: The display_debug_ranges function allowed remote\n attackers to cause a denial of service (integer overflow and application\n crash) or possibly have unspecified other impact via a crafted ELF file,\n as demonstrated by\n objdump (bsc#1086784).\n - CVE-2018-7642: The swap_std_reloc_in function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as demonstrated by\n objcopy (bsc#1086786).\n - CVE-2018-7568: The parse_die function in the Binary File Descriptor\n (BFD) library (aka libbfd) allowed remote attackers to cause a denial of\n service (integer overflow and application crash) via an ELF file with\n corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788).\n - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD)\n library (aka libbfd) allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash) via a crafted\n binary file, as demonstrated by nm-new (bsc#1090997).\n - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted binary file, as demonstrated by readelf (bsc#1091015).\n - CVE-2018-10535: The ignore_section_sym function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate the\n output_section pointer in the case of a symtab entry with a &quot;SECTION&quot;\n type that has a &quot;0&quot; value, which allowed remote attackers to cause a\n denial of service (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by objcopy (bsc#1091365).\n - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in\n the Binary File Descriptor (BFD) library (aka libbfd) processesed a\n negative Data Directory size with an unbounded loop that increased the\n value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address\n exceeded its own memory region, resulting in an out-of-bounds memory\n write, as demonstrated by\n objcopy copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c\n (bsc#1091368).\n\n These non-security issues were fixed:\n\n - The AArch64 port now supports showing disassembly notes which are\n emitted when inconsistencies are found with the instruction that may\n result in the instruction being invalid. These can be turned on with the\n option -M notes to objdump.\n - The AArch64 port now emits warnings when a combination of an instruction\n and a named register could be invalid.\n - Added O modifier to ar to display member offsets inside an archive\n - The ADR and ADRL pseudo-instructions supported by the ARM assembler now\n only set the bottom bit of the address of thumb function symbols if the\n -mthumb-interwork command line option is active.\n - Add --generate-missing-build-notes=[yes|no] option to create (or not)\n GNU Build Attribute notes if none are present in the input sources. Add\n a\n --enable-generate-build-notes=[yes|no] configure time option to set the\n default behaviour. Set the default if the configure option is not used\n to &quot;no&quot;.\n - Remove -mold-gcc command-line option for x86 targets.\n - Add -O[2|s] command-line options to x86 assembler to enable alternate\n shorter instruction encoding.\n - Add support for .nops directive. It is currently supported only for x86\n targets.\n - Speed up direct linking with DLLs for Cygwin and Mingw targets.\n - Add a configure option --enable-separate-code to decide whether\n -z separate-code should be enabled in ELF linker by default. Default to\n yes for Linux/x86 targets. Note that -z separate-code can increase disk\n and memory size.\n - RISC-V: Fix symbol address problem with versioned symbols\n - Restore riscv64-elf cross prefix via symlinks\n - RISC-V: Don't enable relaxation in relocatable link\n - Prevent linking faiures on i386 with assertion (bsc#1085784)\n - Fix symbol size bug when relaxation deletes bytes\n - Add --debug-dump=links option to readelf and --dwarf=links option to\n objdump which displays the contents of any .gnu_debuglink or\n .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to\n readelf and a --dwarf=follow-links\n option to objdump which causes indirect links into separate debug info\n files to be followed when dumping other DWARF sections.\n - Add support for loaction views in DWARF debug line information.\n - Add -z separate-code to generate separate code PT_LOAD segment.\n - Add &quot;-z undefs&quot; command line option as the inverse of the &quot;-z defs&quot;\n option.\n - Add -z globalaudit command line option to force audit libraries to be\n run for every dynamic object loaded by an executable - provided that the\n loader supports this functionality.\n - Tighten linker script grammar around file name specifiers to prevent the\n use\n of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These\n would previously be accepted but had no effect.\n - The EXCLUDE_FILE directive can now be placed within any SORT_* directive\n within input section lists.\n - Fix linker relaxation with --wrap\n - Add arm-none-eabi symlinks (bsc#1074741)\n\n Former updates of binutils also fixed the following security issues, for\n which there was not CVE assigned at the time the update was released or no\n mapping between code change and CVE existed:\n\n - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in\n Intel Hex objects (bsc#1030296).\n - CVE-2017-7225: The find_nearest_line function in addr2line did not\n handle the case where the main file name and the directory name are both\n empty, triggering a NULL pointer dereference and an invalid write, and\n leading to a program crash (bsc#1030585).\n - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable\n to an invalid write (of size 1) while disassembling a corrupt binary\n that contains an empty function name, leading to a program crash\n (bsc#1030588).\n - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer\n overflow (of size 1) while attempting to unget an EOF character from the\n input stream, potentially leading to a program crash (bsc#1030589).\n - CVE-2017-7226: The pe_ILF_object_p function in the Binary File\n Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based\n buffer over-read of size 4049 because it used the strlen function\n instead of strnlen, leading to program crashes in several utilities such\n as addr2line, size, and strings. It could lead to information disclosure\n as well (bsc#1030584).\n - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had\n an invalid read (of size 8) because the code to emit relocs\n (bfd_elf_final_link function in bfd/elflink.c) did not check the format\n of the input file trying to read the ELF reloc section header. The\n vulnerability leads to a GNU linker (ld) program crash (bsc#1031644).\n - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had\n an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a\n heap-based buffer over-read (off-by-one) because of an incomplete check\n for invalid string offsets while loading symbols, leading to a GNU\n linker (ld) program crash (bsc#1031656).\n - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had\n a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an\n invalid read (of size 4) because of missing checks for relocs that could\n not be recognised. This vulnerability caused Binutils utilities like\n strip to crash (bsc#1031595).\n - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read (of size 4) because of missing a check (in\n the find_link function) for null headers attempting to match them. This\n vulnerability caused Binutils utilities like strip to crash\n (bsc#1031593).\n - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had\n an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one\n vulnerability because it did not carefully check the string offset. The\n vulnerability could lead to a GNU linker (ld) program crash\n (bsc#1031638).\n - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read (of size 8) because of missing a check (in\n the copy_special_section_fields function) for an invalid sh_link field\n attempting to follow it. This vulnerability caused Binutils utilities\n like strip to crash (bsc#1031590).\n - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 8 because of missing a check to\n determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line\n function. This vulnerability caused programs that conduct an analysis of\n binary programs using the libbfd library, such as objdump, to crash\n (bsc#1037052).\n - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to a global buffer over-read error because of an assumption\n made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA\n sections are always named starting with a .rel/.rela prefix. This\n vulnerability caused programs that conduct an analysis of binary\n programs using the libbfd library, such as\n objcopy and strip, to crash (bsc#1037057).\n - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 4 due to NULL pointer\n dereferencing of _bfd_elf_large_com_section. This vulnerability caused\n programs that conduct an analysis of binary programs using the libbfd\n library, such as objcopy, to crash (bsc#1037061).\n - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 1 because the existing reloc\n offset range tests didn't catch small negative offsets less than the\n size of the reloc field. This vulnerability caused programs that conduct\n an analysis of binary programs using the libbfd library, such as\n objdump, to crash (bsc#1037066).\n - CVE-2017-8421: The function coff_set_alignment_hook in Binary File\n Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability\n which can cause memory exhaustion in objdump via a crafted PE file\n (bsc#1037273).\n - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed\n remote attackers to cause a denial of service (buffer overflow and\n application crash)\n or possibly have unspecified other impact via a crafted binary file, as\n demonstrated by mishandling of rae insns printing for this file during\n &quot;objdump\n -D&quot; execution (bsc#1044891).\n - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) might have allowed remote attackers to cause\n a denial of service (buffer overflow and application crash) or possibly\n have unspecified other impact via a crafted binary file, as demonstrated\n by mishandling of this file during &quot;objdump -D&quot; execution (bsc#1044897).\n - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) might have allowed remote attackers to cause\n a denial of service (buffer overflow and application crash) or possibly\n have unspecified\n other impact via a crafted binary file, as demonstrated by mishandling\n of this file during &quot;objdump -D&quot; execution (bsc#1044901).\n - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain\n scale arrays, which allowed remote attackers to cause a denial of\n service (buffer\n overflow and application crash) or possibly have unspecified other\n impact via a crafted binary file, as demonstrated by mishandling of\n this file during &quot;objdump -D&quot; execution (bsc#1044909).\n - CVE-2017-9755: Not considering the the number of registers for bnd mode\n allowed remote attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified other impact via a\n crafted binary file, as demonstrated by mishandling of this file during\n &quot;objdump -D&quot; execution (bsc#1044925).\n - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote\n attackers to cause a denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a crafted binary\n file, as demonstrated by mishandling of this file during &quot;objdump -D&quot;\n execution (bsc#1044927).\n - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a\n NULL pointer while reading section contents in a corrupt binary, leading\n to a program crash (bsc#1030298).\n - CVE-2017-6965: readelf wrote to illegal addresses while processing\n corrupt input files containing symbol-difference relocations, leading to\n a heap-based buffer overflow (bsc#1029909).\n - CVE-2017-6966: readelf had a use-after-free (specifically\n read-after-free) error while processing multiple, relocated sections in\n an MSP430 binary. This is caused by mishandling of an invalid symbol\n index, and mishandling of state across invocations (bsc#1029908).\n - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read\n while processing corrupt RL78 binaries. The vulnerability can trigger\n program crashes. It may lead to an information leak as well\n (bsc#1029907).\n - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer\n over-reads (of size 1 and size 8) while handling corrupt STABS enum type\n strings in a crafted object file, leading to program crash\n (bsc#1030297).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-10-18T18:52:54", "published": "2018-10-18T18:52:54", "id": "OPENSUSE-SU-2018:3223-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00039.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2019-08-03T15:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19932", "CVE-2018-10534", "CVE-2018-12698", "CVE-2018-12697", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-12641", "CVE-2018-12700", "CVE-2018-10535", "CVE-2018-20651", "CVE-2018-20002", "CVE-2018-10373"], "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Binutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/binutils-2.32-r1\"", "edition": 1, "modified": "2019-08-03T00:00:00", "published": "2019-08-03T00:00:00", "id": "GLSA-201908-01", "href": "https://security.gentoo.org/glsa/201908-01", "title": "Binutils: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-11-27T06:37:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14933", "CVE-2018-7642", "CVE-2018-7208", "CVE-2017-17122", "CVE-2017-16830", "CVE-2018-7570", "CVE-2017-17080", "CVE-2018-7569", "CVE-2017-16828", "CVE-2018-6872", "CVE-2017-16826", "CVE-2018-6543", "CVE-2017-17124", "CVE-2017-17126", "CVE-2018-7568", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-16832", "CVE-2017-16827", "CVE-2017-17121", "CVE-2017-17125", "CVE-2017-17123", "CVE-2018-8945"], "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Binutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/binutils-2.30-r2\"", "edition": 1, "modified": "2018-11-27T00:00:00", "published": "2018-11-27T00:00:00", "id": "GLSA-201811-17", "href": "https://security.gentoo.org/glsa/201811-17", "title": "Binutils: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "It was discovered that GNU binutils contained a large number of security \nissues. If a user or automated system were tricked into processing a \nspecially-crafted file, a remote attacker could cause GNU binutils to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 2, "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "USN-4336-1", "href": "https://ubuntu.com/security/notices/USN-4336-1", "title": "GNU binutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-05-15T05:08:22", "bulletinFamily": "software", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2019-14250, CVE-2019-12972, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.176.0\n * CF Deployment \n * All versions prior to v13.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.176.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4336-1/>)\n * [CVE-2018-1000876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876>)\n * [CVE-2018-10372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10372>)\n * [CVE-2018-10373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373>)\n * [CVE-2018-10534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534>)\n * [CVE-2018-10535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535>)\n * [CVE-2018-12641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641>)\n * [CVE-2018-12697](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697>)\n * [CVE-2018-12698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698>)\n * [CVE-2018-12699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699>)\n * [CVE-2018-12700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700>)\n * [CVE-2018-12934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934>)\n * [CVE-2018-13033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033>)\n * [CVE-2018-17358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358>)\n * [CVE-2018-17359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359>)\n * [CVE-2018-17360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360>)\n * [CVE-2018-17794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794>)\n * [CVE-2018-17985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985>)\n * [CVE-2018-18309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309>)\n * [CVE-2018-18483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483>)\n * [CVE-2018-18484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484>)\n * [CVE-2018-18605](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605>)\n * [CVE-2018-18606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606>)\n * [CVE-2018-18607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607>)\n * [CVE-2018-18700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700>)\n * [CVE-2018-18701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701>)\n * [CVE-2018-19931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931>)\n * [CVE-2018-19932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932>)\n * [CVE-2018-20002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002>)\n * [CVE-2018-20623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623>)\n * [CVE-2018-20651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651>)\n * [CVE-2018-20671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671>)\n * [CVE-2018-8945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945>)\n * [CVE-2018-9138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9138>)\n * [CVE-2019-9070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070>)\n * [CVE-2019-9071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071>)\n * [CVE-2019-9073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073>)\n * [CVE-2019-9074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074>)\n * [CVE-2019-9075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075>)\n * [CVE-2019-9077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077>)\n * [CVE-2019-14250](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250>)\n * [CVE-2019-12972](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12972>)\n * [CVE-2019-14444](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14444>)\n * [CVE-2019-17450](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17450>)\n * [CVE-2019-17451](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17451>)\n\n## History\n\n2020-04-22: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-05-14T00:00:00", "published": "2020-05-14T00:00:00", "id": "CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A", "href": "https://www.cloudfoundry.org/blog/usn-4336-1/", "title": "USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}