Search...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)

2020-01-23T00:00:00

ID OPENVAS:1361412562311220201074
Type openvas
Reporter Copyright (C) 2020 Greenbone Networks GmbH
Modified 2020-01-23T00:00:00

Description

The remote host is missing an update for the Huawei EulerOS

                                        
                                            # Copyright (C) 2020 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2020.1074");
  script_version("2020-01-23T15:42:05+0000");
  script_cve_id("CVE-2018-1000876", "CVE-2018-18309", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-20002", "CVE-2018-20671", "CVE-2019-1010180", "CVE-2019-12972", "CVE-2019-17450", "CVE-2019-17451");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)");
  script_tag(name:"creation_date", value:"2020-01-23 13:19:35 +0000 (Thu, 23 Jan 2020)");
  script_name("Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRTARM64-3\.0\.5\.0");

  script_xref(name:"EulerOS-SA", value:"2020-1074");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1074");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS
  'binutils' package(s) announced via the EulerOS-SA-2020-1074 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.(CVE-2018-20002)

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000876)

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606)

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18607)

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605)

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds  ...

  Description truncated. Please see the references for more information.");

  script_tag(name:"affected", value:"'binutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROSVIRTARM64-3.0.5.0") {

  if(!isnull(res = isrpmvuln(pkg:"binutils", rpm:"binutils~2.31.1~13.h12.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.5.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562311220201074", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-01-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201074", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2020-1074", "https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1074"], "cvelist": ["CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2019-17450", "CVE-2019-1010180", "CVE-2019-12972", "CVE-2019-17451", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20002", "CVE-2018-18606"], "lastseen": "2020-01-27T18:39:34", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K24353255", "F5:K62602089"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2019-1_0-0203_BINUTILS.NASL", "GENTOO_GLSA-202007-39.NASL", "EULEROS_SA-2019-2522.NASL", "SUSE_SU-2019-2650-1.NASL", "EULEROS_SA-2020-1001.NASL", "EULEROS_SA-2020-1074.NASL", "EULEROS_SA-2019-2099.NASL", "PHOTONOS_PHSA-2019-2_0-0190_BINUTILS.NASL", "EULEROS_SA-2019-2276.NASL", "PHOTONOS_PHSA-2019-1_0-0257_BINUTILS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192522", "OPENVAS:1361412562310852757", "OPENVAS:1361412562310852769", "OPENVAS:1361412562310844401", "OPENVAS:1361412562311220192099", "OPENVAS:1361412562311220201372", "OPENVAS:1361412562311220192276", "OPENVAS:1361412562310852909", "OPENVAS:1361412562311220201001", "OPENVAS:1361412562310852969"]}, {"type": "cve", "idList": ["CVE-2019-17451", "CVE-2018-18605", "CVE-2018-18309", "CVE-2019-12972", "CVE-2019-1010180", "CVE-2018-18606", "CVE-2018-1000876", "CVE-2018-20002", "CVE-2018-20671", "CVE-2020-1074", "CVE-2018-18607"]}, {"type": "gentoo", "idList": ["GLSA-202007-39", "GLSA-202003-31"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2415-1", "OPENSUSE-SU-2019:2432-1", "OPENSUSE-SU-2020:1790-1", "OPENSUSE-SU-2020:1804-1", "OPENSUSE-SU-2019:2493-1", "OPENSUSE-SU-2019:2494-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}, {"type": "ubuntu", "idList": ["USN-4336-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1635", "ELSA-2020-1797", "ELSA-2020-1074", "ELSA-2019-2075", "ELSA-2020-4465"]}, {"type": "redhat", "idList": ["RHSA-2020:1797", "RHSA-2020:1074", "RHSA-2020:1635", "RHSA-2019:2075", "RHSA-2020:4465"]}, {"type": "amazon", "idList": ["ALAS2-2019-1358"]}, {"type": "centos", "idList": ["CESA-2019:2075"]}, {"type": "talos", "idList": ["TALOS-2020-1074"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1074"]}], "modified": "2020-01-27T18:39:34", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-01-27T18:39:34", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "1361412562311220201074", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1074\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-18309\", \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-20002\", \"CVE-2018-20671\", \"CVE-2019-1010180\", \"CVE-2019-12972\", \"CVE-2019-17450\", \"CVE-2019-17451\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:19:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1074\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1074\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2020-1074 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)\n\nThe _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.(CVE-2018-20002)\n\nbinutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000876)\n\nAn issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606)\n\nAn issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18607)\n\nA heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.31.1~13.h12.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks"}

{"f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2018-18605", "CVE-2018-18607", "CVE-2018-18606"], "description": "\nF5 Product Development has assigned CPF-25032 and CPF-25033 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | Not applicable | Not vulnerable2 | None | None \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable2 | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L>) | Binutils \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The vulnerable software may be present but it is not exploitable in the default, standard or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-12-28T22:29:00", "published": "2018-12-28T22:25:00", "id": "F5:K24353255", "href": "https://support.f5.com/csp/article/K24353255", "title": "Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2018-12698", "CVE-2018-20657", "CVE-2018-20002"], "description": "\nF5 Product Development has assigned CPF-25067 and CPF-25068 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | Not applicable | Not vulnerable2 | None | None \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable2 | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L>) | Binutils \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-03-26T02:33:00", "published": "2019-03-26T02:33:00", "id": "F5:K62602089", "href": "https://support.f5.com/csp/article/K62602089", "title": "Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T09:02:02", "description": "According to the versions of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - GNU gdb All versions is affected by: Buffer Overflow -\n Out of bound memory access. The impact is: Deny of\n Service, Memory Disclosure, and Possible Code\n Execution. The component is: The main gdb module. The\n attack vector is: Open an ELF for debugging. The fixed\n version is: Not fixed yet.(CVE-2019-1010180)\n\n - The _bfd_generic_read_minisymbols function in syms.c in\n the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.31, has a memory leak\n via a crafted ELF file, leading to a denial of service\n (memory consumption), as demonstrated by\n nm.(CVE-2018-20002)\n\n - binutils version 2.32 and earlier contains a Integer\n Overflow vulnerability in objdump,\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dyna\n mic_reloc that can result in Integer overflow trigger\n heap overflow. Successful exploitation allows execution\n of arbitrary code.. This attack appear to be\n exploitable via Local. This vulnerability appears to\n have been fixed in after commit\n 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000\n 876)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.31. An invalid memory address dereference\n was discovered in read_reloc in reloc.c. The\n vulnerability causes a segmentation fault and\n application crash, which leads to denial of service, as\n demonstrated by objdump, because of missing\n _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - find_abstract_instance in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.32, allows remote attackers to cause\n a denial of service (infinite recursion and application\n crash) via a crafted ELF file.(CVE-2019-17450)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. There is a heap-based buffer over-read\n in _bfd_doprnt in bfd.c because elf_object_p in\n elfcode.h mishandles an e_shstrndx section of type\n SHT_GROUP by omitting a trailing '\\0'\n character.(CVE-2019-12972)\n\n - load_specific_debug_section in objdump.c in GNU\n Binutils through 2.31.1 contains an integer overflow\n vulnerability that can trigger a heap-based buffer\n overflow via a crafted section size.(CVE-2018-20671)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : binutils (EulerOS-SA-2020-1074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-1000", "CVE-2019-17450", "CVE-2019-1010180", "CVE-2019-12972", "CVE-2019-17451", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20002", "CVE-2018-18606"], "modified": "2020-01-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:binutils"], "id": "EULEROS_SA-2020-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/132828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132828);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000876\",\n \"CVE-2018-18309\",\n \"CVE-2018-18605\",\n \"CVE-2018-18606\",\n \"CVE-2018-18607\",\n \"CVE-2018-20002\",\n \"CVE-2018-20671\",\n \"CVE-2019-1010180\",\n \"CVE-2019-12972\",\n \"CVE-2019-17450\",\n \"CVE-2019-17451\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : binutils (EulerOS-SA-2020-1074)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - GNU gdb All versions is affected by: Buffer Overflow -\n Out of bound memory access. The impact is: Deny of\n Service, Memory Disclosure, and Possible Code\n Execution. The component is: The main gdb module. The\n attack vector is: Open an ELF for debugging. The fixed\n version is: Not fixed yet.(CVE-2019-1010180)\n\n - The _bfd_generic_read_minisymbols function in syms.c in\n the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.31, has a memory leak\n via a crafted ELF file, leading to a denial of service\n (memory consumption), as demonstrated by\n nm.(CVE-2018-20002)\n\n - binutils version 2.32 and earlier contains a Integer\n Overflow vulnerability in objdump,\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dyna\n mic_reloc that can result in Integer overflow trigger\n heap overflow. Successful exploitation allows execution\n of arbitrary code.. This attack appear to be\n exploitable via Local. This vulnerability appears to\n have been fixed in after commit\n 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000\n 876)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.31. An invalid memory address dereference\n was discovered in read_reloc in reloc.c. The\n vulnerability causes a segmentation fault and\n application crash, which leads to denial of service, as\n demonstrated by objdump, because of missing\n _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - find_abstract_instance in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.32, allows remote attackers to cause\n a denial of service (infinite recursion and application\n crash) via a crafted ELF file.(CVE-2019-17450)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. There is a heap-based buffer over-read\n in _bfd_doprnt in bfd.c because elf_object_p in\n elfcode.h mishandles an e_shstrndx section of type\n SHT_GROUP by omitting a trailing '\\0'\n character.(CVE-2019-12972)\n\n - load_specific_debug_section in objdump.c in GNU\n Binutils through 2.31.1 contains an integer overflow\n vulnerability that can trigger a heap-based buffer\n overflow via a crafted section size.(CVE-2018-20671)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1074\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?043d6f7a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h12.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:59:42", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.31. An invalid memory address dereference\n was discovered in read_reloc in reloc.c. The\n vulnerability causes a segmentation fault and\n application crash, which leads to denial of service, as\n demonstrated by objdump, because of missing\n _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - binutils version 2.32 and earlier contains a Integer\n Overflow vulnerability in objdump,\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dyna\n mic_reloc that can result in Integer overflow trigger\n heap overflow. Successful exploitation allows execution\n of arbitrary code.. This attack appear to be\n exploitable via Local. This vulnerability appears to\n have been fixed in after commit\n 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000\n 876)\n\n - The _bfd_generic_read_minisymbols function in syms.c in\n the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.31, has a memory leak\n via a crafted ELF file, leading to a denial of service\n (memory consumption), as demonstrated by\n nm.(CVE-2018-20002)\n\n - GNU gdb All versions is affected by: Buffer Overflow -\n Out of bound memory access. The impact is: Deny of\n Service, Memory Disclosure, and Possible Code\n Execution. The component is: The main gdb module. The\n attack vector is: Open an ELF for debugging. The fixed\n version is: Not fixed yet.(CVE-2019-1010180)\n\n - apply_relocations in readelf.c in GNU Binutils 2.32\n contains an integer overflow that allows attackers to\n trigger a write access violation (in\n byte_put_little_endian function in elfcomm.c) via an\n ELF file, as demonstrated by readelf.(CVE-2019-14444)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-2099)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-1000", "CVE-2019-1010180", "CVE-2018-18607", "CVE-2018-20002", "CVE-2019-14444", "CVE-2018-18606"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2099.NASL", "href": "https://www.tenable.com/plugins/nessus/130808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130808);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000876\",\n \"CVE-2018-18309\",\n \"CVE-2018-18605\",\n \"CVE-2018-18606\",\n \"CVE-2018-18607\",\n \"CVE-2018-20002\",\n \"CVE-2019-1010180\",\n \"CVE-2019-14444\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-2099)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.31. An invalid memory address dereference\n was discovered in read_reloc in reloc.c. The\n vulnerability causes a segmentation fault and\n application crash, which leads to denial of service, as\n demonstrated by objdump, because of missing\n _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - binutils version 2.32 and earlier contains a Integer\n Overflow vulnerability in objdump,\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dyna\n mic_reloc that can result in Integer overflow trigger\n heap overflow. Successful exploitation allows execution\n of arbitrary code.. This attack appear to be\n exploitable via Local. This vulnerability appears to\n have been fixed in after commit\n 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000\n 876)\n\n - The _bfd_generic_read_minisymbols function in syms.c in\n the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.31, has a memory leak\n via a crafted ELF file, leading to a denial of service\n (memory consumption), as demonstrated by\n nm.(CVE-2018-20002)\n\n - GNU gdb All versions is affected by: Buffer Overflow -\n Out of bound memory access. The impact is: Deny of\n Service, Memory Disclosure, and Possible Code\n Execution. The component is: The main gdb module. The\n attack vector is: Open an ELF for debugging. The fixed\n version is: Not fixed yet.(CVE-2019-1010180)\n\n - apply_relocations in readelf.c in GNU Binutils 2.32\n contains an integer overflow that allows attackers to\n trigger a write access violation (in\n byte_put_little_endian function in elfcomm.c) via an\n ELF file, as demonstrated by readelf.(CVE-2019-14444)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2099\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?225bde2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h7.eulerosv2r8\",\n \"binutils-devel-2.31.1-13.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:01:17", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-12-09T00:00:00", "title": "EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-2522)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18605", "CVE-2019-17451", "CVE-2018-18607", "CVE-2018-18606"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2522.NASL", "href": "https://www.tenable.com/plugins/nessus/131796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131796);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18605\",\n \"CVE-2018-18606\",\n \"CVE-2018-18607\",\n \"CVE-2019-17451\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-2522)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - A heap-based buffer over-read issue was discovered in\n the function sec_merge_hash_lookup in merge.c in the\n Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.31, because\n _bfd_add_merge_section mishandles section merges when\n size is not a multiple of entsize. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18605)\n\n - An issue was discovered in the merge_strings function\n in merge.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge\n sections with large alignments. A specially crafted ELF\n allows remote attackers to cause a denial of service,\n as demonstrated by ld.(CVE-2018-18606)\n\n - An issue was discovered in elf_link_input_bfd in\n elflink.c in the Binary File Descriptor (BFD) library\n (aka libbfd), as distributed in GNU Binutils 2.31.\n There is a NULL pointer dereference in\n elf_link_input_bfd when used for finding STT_TLS\n symbols without any TLS section. A specially crafted\n ELF allows remote attackers to cause a denial of\n service, as demonstrated by ld.(CVE-2018-18607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0dc8ac1d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17451\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h32.eulerosv2r7\",\n \"binutils-devel-2.27-28.base.1.h32.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-14T06:21:40", "description": "This update for binutils fixes the following issues :\n\nbinutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368] :\n\nIncludes the following security fixes :\n\nCVE-2018-17358: Fixed invalid memory access in\n_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n\nCVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\nopncls.c (bsc#1109413)\n\nCVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\nlibbfd.c (bsc#1109414)\n\nCVE-2018-17985: Fixed a stack consumption problem caused by the\ncplus_demangle_type (bsc#1116827)\n\nCVE-2018-18309: Fixed an invalid memory address dereference was\ndiscovered in read_reloc in reloc.c (bsc#1111996)\n\nCVE-2018-18483: Fixed get_count function provided by libiberty that\nallowed attackers to cause a denial of service or other unspecified\nimpact (bsc#1112535)\n\nCVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\nprovided by libiberty, caused by recursive stack frames (bsc#1112534)\n\nCVE-2018-18605: Fixed a heap-based buffer over-read issue was\ndiscovered in the function sec_merge_hash_lookup causing a denial of\nservice (bsc#1113255)\n\nCVE-2018-18606: Fixed a NULL pointer dereference in\n_bfd_add_merge_section when attempting to merge sections with large\nalignments, causing denial of service (bsc#1113252)\n\nCVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\nwhen used for finding STT_TLS symbols without any TLS section, causing\ndenial of service (bsc#1113247)\n\nCVE-2018-19931: Fixed a heap-based buffer overflow in\nbfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n\nCVE-2018-19932: Fixed an integer overflow and infinite loop caused by\nthe IS_CONTAINED_BY_LMA (bsc#1118830)\n\nCVE-2018-20623: Fixed a use-after-free in the error function in\nelfcomm.c (bsc#1121035)\n\nCVE-2018-20651: Fixed a denial of service via a NULL pointer\ndereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n\nCVE-2018-20671: Fixed an integer overflow that can trigger a\nheap-based buffer overflow in load_specific_debug_section in objdump.c\n(bsc#1121056)\n\nCVE-2018-1000876: Fixed integer overflow in\nbfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\nobjdump (bsc#1120640)\n\nCVE-2019-1010180: Fixed an out of bound memory access that could lead\nto crashes (bsc#1142772)\n\nEnable xtensa architecture (Tensilica lc6 and related)\n\nUse -ffat-lto-objects in order to provide assembly for static libs\n(bsc#1141913).\n\nFixed some LTO problems (bsc#1133131 bsc#1133232).\n\nriscv: Don't check ABI flags if no code section\n\nUpdate to binutils 2.32: The binutils now support for the C-SKY\nprocessor series.\n\nThe x86 assembler now supports a -mvexwig=[0|1] option to control\nencoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n\n-mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\nnotes.\n\nThe MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\nLoongson EXTensions (EXT) instructions, the Loongson Content Address\nMemory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n(MMI) ASE.\n\nThe addr2line, c++filt, nm and objdump tools now have a default limit\non the maximum amount of recursion that is allowed whilst demangling\nstrings. This limit can be disabled if necessary.\n\nObjdump's --disassemble option can now take a parameter, specifying\nthe starting symbol for disassembly. Disassembly will continue from\nthis symbol up to the next symbol or the end of the function.\n\nThe BFD linker will now report property change in linker map file when\nmerging GNU properties.\n\nThe BFD linker's -t option now doesn't report members within archives,\nunless -t is given twice. This makes it more useful when generating a\nlist of files that should be packaged for a linker bug report.\n\nThe GOLD linker has improved warning messages for relocations that\nrefer to discarded sections.\n\nImprove relro support on s390 [fate#326356]\n\nHandle ELF compressed header alignment correctly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-15T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2019:2650-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-17985", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606"], "modified": "2019-10-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:binutils-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:binutils-debugsource", "p-cpe:/a:novell:suse_linux:binutils", "p-cpe:/a:novell:suse_linux:binutils-devel"], "id": "SUSE_SU-2019-2650-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2650-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129879);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-17358\", \"CVE-2018-17359\", \"CVE-2018-17360\", \"CVE-2018-17985\", \"CVE-2018-18309\", \"CVE-2018-18483\", \"CVE-2018-18484\", \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-19931\", \"CVE-2018-19932\", \"CVE-2018-20623\", \"CVE-2018-20651\", \"CVE-2018-20671\", \"CVE-2019-1010180\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2019:2650-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for binutils fixes the following issues :\n\nbinutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368] :\n\nIncludes the following security fixes :\n\nCVE-2018-17358: Fixed invalid memory access in\n_bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n\nCVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\nopncls.c (bsc#1109413)\n\nCVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\nlibbfd.c (bsc#1109414)\n\nCVE-2018-17985: Fixed a stack consumption problem caused by the\ncplus_demangle_type (bsc#1116827)\n\nCVE-2018-18309: Fixed an invalid memory address dereference was\ndiscovered in read_reloc in reloc.c (bsc#1111996)\n\nCVE-2018-18483: Fixed get_count function provided by libiberty that\nallowed attackers to cause a denial of service or other unspecified\nimpact (bsc#1112535)\n\nCVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\nprovided by libiberty, caused by recursive stack frames (bsc#1112534)\n\nCVE-2018-18605: Fixed a heap-based buffer over-read issue was\ndiscovered in the function sec_merge_hash_lookup causing a denial of\nservice (bsc#1113255)\n\nCVE-2018-18606: Fixed a NULL pointer dereference in\n_bfd_add_merge_section when attempting to merge sections with large\nalignments, causing denial of service (bsc#1113252)\n\nCVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\nwhen used for finding STT_TLS symbols without any TLS section, causing\ndenial of service (bsc#1113247)\n\nCVE-2018-19931: Fixed a heap-based buffer overflow in\nbfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n\nCVE-2018-19932: Fixed an integer overflow and infinite loop caused by\nthe IS_CONTAINED_BY_LMA (bsc#1118830)\n\nCVE-2018-20623: Fixed a use-after-free in the error function in\nelfcomm.c (bsc#1121035)\n\nCVE-2018-20651: Fixed a denial of service via a NULL pointer\ndereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n\nCVE-2018-20671: Fixed an integer overflow that can trigger a\nheap-based buffer overflow in load_specific_debug_section in objdump.c\n(bsc#1121056)\n\nCVE-2018-1000876: Fixed integer overflow in\nbfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\nobjdump (bsc#1120640)\n\nCVE-2019-1010180: Fixed an out of bound memory access that could lead\nto crashes (bsc#1142772)\n\nEnable xtensa architecture (Tensilica lc6 and related)\n\nUse -ffat-lto-objects in order to provide assembly for static libs\n(bsc#1141913).\n\nFixed some LTO problems (bsc#1133131 bsc#1133232).\n\nriscv: Don't check ABI flags if no code section\n\nUpdate to binutils 2.32: The binutils now support for the C-SKY\nprocessor series.\n\nThe x86 assembler now supports a -mvexwig=[0|1] option to control\nencoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n\n-mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\nnotes.\n\nThe MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\nLoongson EXTensions (EXT) instructions, the Loongson Content Address\nMemory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n(MMI) ASE.\n\nThe addr2line, c++filt, nm and objdump tools now have a default limit\non the maximum amount of recursion that is allowed whilst demangling\nstrings. This limit can be disabled if necessary.\n\nObjdump's --disassemble option can now take a parameter, specifying\nthe starting symbol for disassembly. Disassembly will continue from\nthis symbol up to the next symbol or the end of the function.\n\nThe BFD linker will now report property change in linker map file when\nmerging GNU properties.\n\nThe BFD linker's -t option now doesn't report members within archives,\nunless -t is given twice. This makes it more useful when generating a\nlist of files that should be packaged for a linker bug report.\n\nThe GOLD linker has improved warning messages for relocations that\nrefer to discarded sections.\n\nImprove relro support on s390 [fate#326356]\n\nHandle ELF compressed header alignment correctly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000876/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17360/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17985/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18483/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18484/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18605/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18607/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19931/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20623/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20651/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1010180/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192650-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc1443fc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2650=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2650=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2650=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-2650=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2650=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2650=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2650=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2650=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2650=1\n\nSUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP5-2019-2650=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2650=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2650=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2650=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2650=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1010180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"binutils-devel-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"binutils-devel-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"binutils-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.32-9.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"binutils-debugsource-2.32-9.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:01:46", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - load_specific_debug_section in objdump.c in GNU\n Binutils through 2.31.1 contains an integer overflow\n vulnerability that can trigger a heap-based buffer\n overflow via a crafted section size.(CVE-2018-20671)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. There is a heap-based buffer over-read\n in _bfd_doprnt in bfd.c because elf_object_p in\n elfcode.h mishandles an e_shstrndx section of type\n SHT_GROUP by omitting a trailing '\\0'\n character.(CVE-2019-12972)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-01-02T00:00:00", "title": "EulerOS 2.0 SP8 : binutils (EulerOS-SA-2020-1001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12972", "CVE-2018-20671"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1001.NASL", "href": "https://www.tenable.com/plugins/nessus/132594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132594);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20671\",\n \"CVE-2019-12972\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : binutils (EulerOS-SA-2020-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - load_specific_debug_section in objdump.c in GNU\n Binutils through 2.31.1 contains an integer overflow\n vulnerability that can trigger a heap-based buffer\n overflow via a crafted section size.(CVE-2018-20671)\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. There is a heap-based buffer over-read\n in _bfd_doprnt in bfd.c because elf_object_p in\n elfcode.h mishandles an e_shstrndx section of type\n SHT_GROUP by omitting a trailing '\\0'\n character.(CVE-2019-12972)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8373e156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h12.eulerosv2r8\",\n \"binutils-devel-2.31.1-13.h12.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-31T02:30:41", "description": "The remote host is affected by the vulnerability described in GLSA-202007-39\n(Binutils: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Binutils. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 2, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-07-27T00:00:00", "title": "GLSA-202007-39 : Binutils: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17450", "CVE-2019-14250", "CVE-2019-12972", "CVE-2019-17451", "CVE-2019-14444"], "modified": "2020-07-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:binutils", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-39.NASL", "href": "https://www.tenable.com/plugins/nessus/138962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-39.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138962);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2019-12972\", \"CVE-2019-14250\", \"CVE-2019-14444\", \"CVE-2019-17450\", \"CVE-2019-17451\");\n script_xref(name:\"GLSA\", value:\"202007-39\");\n\n script_name(english:\"GLSA-202007-39 : Binutils: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-39\n(Binutils: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Binutils. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-39\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Binutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/binutils-2.33.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/binutils\", unaffected:make_list(\"ge 2.33.1\"), vulnerable:make_list(\"lt 2.33.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:08:08", "description": "An update of the binutils package has been released.", "edition": 14, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-12-31T00:00:00", "title": "Photon OS 1.0: Binutils PHSA-2019-1.0-0257", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17450", "CVE-2019-17451"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0257_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/132521", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0257. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132521);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-17450\", \"CVE-2019-17451\");\n\n script_name(english:\"Photon OS 1.0: Binutils PHSA-2019-1.0-0257\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-257.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17451\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"binutils-2.32-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.32-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"binutils-devel-2.32-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:08:27", "description": "An update of the binutils package has been released.", "edition": 14, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-12-31T00:00:00", "title": "Photon OS 2.0: Binutils PHSA-2019-2.0-0190", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17450", "CVE-2019-17451"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:binutils"], "id": "PHOTONOS_PHSA-2019-2_0-0190_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/132531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0190. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132531);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-17450\", \"CVE-2019-17451\");\n\n script_name(english:\"Photon OS 2.0: Binutils PHSA-2019-2.0-0190\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-190.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17451\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"binutils-2.32-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"binutils-debuginfo-2.32-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"binutils-devel-2.32-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:00:08", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - find_abstract_instance in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.32, allows remote attackers to cause\n a denial of service (infinite recursion and application\n crash) via a crafted ELF file.(CVE-2019-17450)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-11-27T00:00:00", "title": "EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-2276)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17450", "CVE-2019-17451"], "modified": "2019-11-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2276.NASL", "href": "https://www.tenable.com/plugins/nessus/131342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131342);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-17450\",\n \"CVE-2019-17451\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-2276)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Binary File Descriptor\n (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a\n SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as\n demonstrated by nm.(CVE-2019-17451)\n\n - find_abstract_instance in dwarf2.c in the Binary File\n Descriptor (BFD) library (aka libbfd), as distributed\n in GNU Binutils 2.32, allows remote attackers to cause\n a denial of service (infinite recursion and application\n crash) via a crafted ELF file.(CVE-2019-17450)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fe822d1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h8.eulerosv2r8\",\n \"binutils-devel-2.31.1-13.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:39:50", "description": "An update of the binutils package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Binutils PHSA-2019-1.0-0203", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15686", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-17794", "CVE-2018-18607", "CVE-2018-18606"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0203_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/122014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122014);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2018-17794\",\n \"CVE-2018-18484\",\n \"CVE-2018-18605\",\n \"CVE-2018-18606\",\n \"CVE-2018-18607\"\n );\n\n script_name(english:\"Photon OS 1.0: Binutils PHSA-2019-1.0-0203\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-203.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15686\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.31-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.31-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:34:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2019-1010180", "CVE-2018-18607", "CVE-2018-20002", "CVE-2019-14444", "CVE-2018-18606"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192099", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2099)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2099\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-18309\", \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-20002\", \"CVE-2019-1010180\", \"CVE-2019-14444\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2099)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2099\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2099\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-2099 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\nA heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605)\n\nAn issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18607)\n\nAn issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606)\n\nbinutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000876)\n\nThe _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.(CVE-2018-20002)\n\nGNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.31.1~13.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.31.1~13.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18605", "CVE-2019-17451", "CVE-2018-18607", "CVE-2018-18606"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192522", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2522)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2522\");\n script_version(\"2020-01-23T13:03:31+0000\");\n script_cve_id(\"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2019-17451\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:03:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:03:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2522)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2522\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2522\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-2522 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.(CVE-2019-17451)\n\nA heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605)\n\nAn issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606)\n\nAn issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18607)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h32.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.27~28.base.1.h32.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12972", "CVE-2018-20671"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201001", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201001", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1001)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1001\");\n script_version(\"2020-01-23T13:15:13+0000\");\n script_cve_id(\"CVE-2018-20671\", \"CVE-2019-12972\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:15:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:15:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1001)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1001\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1001\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2020-1001 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.(CVE-2018-20671)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.(CVE-2019-12972)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.31.1~13.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.31.1~13.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17450", "CVE-2019-17451"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192276", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2276)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2276\");\n script_version(\"2020-01-23T12:45:02+0000\");\n script_cve_id(\"CVE-2019-17450\", \"CVE-2019-17451\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2276)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2276\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2276\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-2276 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.(CVE-2019-17451)\n\nfind_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.(CVE-2019-17450)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.31.1~13.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.31.1~13.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-17T16:55:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18309", "CVE-2018-17358", "CVE-2019-12972", "CVE-2018-18483", "CVE-2018-17359"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201372", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1372)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1372\");\n script_version(\"2020-04-16T05:45:41+0000\");\n script_cve_id(\"CVE-2018-17358\", \"CVE-2018-17359\", \"CVE-2018-18309\", \"CVE-2018-18483\", \"CVE-2019-12972\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:45:41 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:45:41 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1372)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1372\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1372\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2020-1372 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.(CVE-2018-18483)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.(CVE-2018-18309)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.(CVE-2019-12972)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.(CVE-2018-17358)\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.(CVE-2018-17359)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h38\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h38\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:27:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852909", "type": "openvas", "title": "openSUSE: Security Advisory for binutils (openSUSE-SU-2019:2432-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852909\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-17358\", \"CVE-2018-17359\", \"CVE-2018-17360\",\n \"CVE-2018-17985\", \"CVE-2018-18309\", \"CVE-2018-18483\", \"CVE-2018-18484\",\n \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-19931\",\n \"CVE-2018-19932\", \"CVE-2018-20623\", \"CVE-2018-20651\", \"CVE-2018-20671\",\n \"CVE-2018-6323\", \"CVE-2018-6543\", \"CVE-2018-6759\", \"CVE-2018-6872\",\n \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7570\",\n \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\", \"CVE-2019-1010180\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:44:18 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for binutils (openSUSE-SU-2019:2432-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2432-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'binutils'\n package(s) announced via the openSUSE-SU-2019:2432-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n\n - riscv: Don't check ABI flags if no code section\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debuginfo\", rpm:\"binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debugsource\", rpm:\"binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold\", rpm:\"binutils-gold~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold-debuginfo\", rpm:\"binutils-gold-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel-32bit\", rpm:\"binutils-devel-32bit~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils\", rpm:\"cross-aarch64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils-debuginfo\", rpm:\"cross-aarch64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-aarch64-binutils-debugsource\", rpm:\"cross-aarch64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils\", rpm:\"cross-arm-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils-debuginfo\", rpm:\"cross-arm-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-arm-binutils-debugsource\", rpm:\"cross-arm-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils\", rpm:\"cross-avr-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils-debuginfo\", rpm:\"cross-avr-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-avr-binutils-debugsource\", rpm:\"cross-avr-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils\", rpm:\"cross-epiphany-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils-debuginfo\", rpm:\"cross-epiphany-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-epiphany-binutils-debugsource\", rpm:\"cross-epiphany-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils\", rpm:\"cross-hppa-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils-debuginfo\", rpm:\"cross-hppa-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa-binutils-debugsource\", rpm:\"cross-hppa-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils\", rpm:\"cross-hppa64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils-debuginfo\", rpm:\"cross-hppa64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-hppa64-binutils-debugsource\", rpm:\"cross-hppa64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils\", rpm:\"cross-i386-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils-debuginfo\", rpm:\"cross-i386-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-i386-binutils-debugsource\", rpm:\"cross-i386-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils\", rpm:\"cross-ia64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils-debuginfo\", rpm:\"cross-ia64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ia64-binutils-debugsource\", rpm:\"cross-ia64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils\", rpm:\"cross-m68k-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils-debuginfo\", rpm:\"cross-m68k-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-m68k-binutils-debugsource\", rpm:\"cross-m68k-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils\", rpm:\"cross-mips-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils-debuginfo\", rpm:\"cross-mips-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-mips-binutils-debugsource\", rpm:\"cross-mips-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils\", rpm:\"cross-ppc-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils-debuginfo\", rpm:\"cross-ppc-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc-binutils-debugsource\", rpm:\"cross-ppc-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils\", rpm:\"cross-ppc64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils-debuginfo\", rpm:\"cross-ppc64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64-binutils-debugsource\", rpm:\"cross-ppc64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils\", rpm:\"cross-ppc64le-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils-debuginfo\", rpm:\"cross-ppc64le-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-ppc64le-binutils-debugsource\", rpm:\"cross-ppc64le-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils\", rpm:\"cross-riscv64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils-debuginfo\", rpm:\"cross-riscv64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-riscv64-binutils-debugsource\", rpm:\"cross-riscv64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils\", rpm:\"cross-rx-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils-debuginfo\", rpm:\"cross-rx-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-rx-binutils-debugsource\", rpm:\"cross-rx-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils\", rpm:\"cross-s390-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils-debuginfo\", rpm:\"cross-s390-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390-binutils-debugsource\", rpm:\"cross-s390-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils\", rpm:\"cross-s390x-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils-debuginfo\", rpm:\"cross-s390x-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-s390x-binutils-debugsource\", rpm:\"cross-s390x-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils\", rpm:\"cross-sparc-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils-debuginfo\", rpm:\"cross-sparc-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc-binutils-debugsource\", rpm:\"cross-sparc-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils\", rpm:\"cross-sparc64-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils-debuginfo\", rpm:\"cross-sparc64-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-sparc64-binutils-debugsource\", rpm:\"cross-sparc64-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils\", rpm:\"cross-spu-binutils~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils-debuginfo\", rpm:\"cross-spu-binutils-debuginfo~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cross-spu-binutils-debugsource\", rpm:\"cross-spu-binutils-debugsource~2.32~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:54:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-10-31T00:00:00", "id": "OPENVAS:1361412562310852757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852757", "type": "openvas", "title": "openSUSE: Security Advisory for binutils (openSUSE-SU-2019:2415-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852757\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-17358\", \"CVE-2018-17359\", \"CVE-2018-17360\", \"CVE-2018-17985\", \"CVE-2018-18309\", \"CVE-2018-18483\", \"CVE-2018-18484\", \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-19931\", \"CVE-2018-19932\", \"CVE-2018-20623\", \"CVE-2018-20651\", \"CVE-2018-20671\", \"CVE-2018-6323\", \"CVE-2018-6543\", \"CVE-2018-6759\", \"CVE-2018-6872\", \"CVE-2018-7208\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7570\", \"CVE-2018-7642\", \"CVE-2018-7643\", \"CVE-2018-8945\", \"CVE-2019-1010180\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-31 03:01:17 +0000 (Thu, 31 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for binutils (openSUSE-SU-2019:2415-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2415-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'binutils'\n package(s) announced via the openSUSE-SU-2019:2415-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n\n - riscv: Don't check ABI flags if no code section\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debuginfo\", rpm:\"binutils-debuginfo~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-debugsource\", rpm:\"binutils-debugsource~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold\", rpm:\"binutils-gold~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-gold-debuginfo\", rpm:\"binutils-gold-debuginfo~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"inutils-devel-32bit\", rpm:\"inutils-devel-32bit~2.32~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-28T17:19:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "The remote host is missing an update for the ", "modified": "2020-04-26T00:00:00", "published": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310844401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844401", "type": "openvas", "title": "Ubuntu: Security Advisory for binutils (USN-4336-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844401\");\n script_version(\"2020-04-26T06:11:04+0000\");\n script_cve_id(\"CVE-2018-1000876\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-12641\", \"CVE-2018-12697\", \"CVE-2018-12698\", \"CVE-2018-12699\", \"CVE-2018-12700\", \"CVE-2018-12934\", \"CVE-2018-13033\", \"CVE-2018-17358\", \"CVE-2018-17359\", \"CVE-2018-17360\", \"CVE-2018-17794\", \"CVE-2018-17985\", \"CVE-2018-18309\", \"CVE-2018-18483\", \"CVE-2018-18484\", \"CVE-2018-18605\", \"CVE-2018-18606\", \"CVE-2018-18607\", \"CVE-2018-18700\", \"CVE-2018-18701\", \"CVE-2018-19931\", \"CVE-2018-19932\", \"CVE-2018-20002\", \"CVE-2018-20623\", \"CVE-2018-20651\", \"CVE-2018-20671\", \"CVE-2018-8945\", \"CVE-2018-9138\", \"CVE-2019-12972\", \"CVE-2019-14250\", \"CVE-2019-14444\", \"CVE-2019-17450\", \"CVE-2019-17451\", \"CVE-2019-9070\", \"CVE-2019-9071\", \"CVE-2019-9073\", \"CVE-2019-9074\", \"CVE-2019-9075\", \"CVE-2019-9077\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-26 06:11:04 +0000 (Sun, 26 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-23 03:00:27 +0000 (Thu, 23 Apr 2020)\");\n script_name(\"Ubuntu: Security Advisory for binutils (USN-4336-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4336-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-April/005399.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'binutils'\n package(s) announced via the USN-4336-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GNU binutils contained a large number of security\nissues. If a user or automated system were tricked into processing a\nspecially-crafted file, a remote attacker could cause GNU binutils to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"binutils\", ver:\"2.30-21ubuntu1~18.04.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"binutils-multiarch\", ver:\"2.30-21ubuntu1~18.04.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1010180"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-11-13T00:00:00", "id": "OPENVAS:1361412562310852769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852769", "type": "openvas", "title": "openSUSE: Security Advisory for gdb (openSUSE-SU-2019:2493-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852769\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-1010180\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 03:01:25 +0000 (Wed, 13 Nov 2019)\");\n script_name(\"openSUSE: Security Advisory for gdb (openSUSE-SU-2019:2493-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2493-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdb'\n package(s) announced via the openSUSE-SU-2019:2493-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gdb fixes the following issues:\n\n Update to gdb 8.3.1: (jsc#ECO-368)\n\n Security issues fixed:\n\n - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF\n sections larger than the file. (bsc#1142772)\n\n Upgrade libipt from v2.0 to v2.0.1.\n\n - Enable librpm for version > librpm.so.3 [bsc#1145692]:\n\n * Allow any librpm.so.x\n\n * Add %build test to check for 'zypper install <rpm-packagename>' message\n\n - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python,\n and use it for --without=python.\n\n Rebase to 8.3 release (as in fedora 30 @ 1e222a3).\n\n * DWARF index cache: GDB can now automatically save indices of DWARF\n symbols on disk to speed up further loading of the same binaries.\n\n * Ada task switching is now supported on aarch64-elf targets when\n debugging a program using the Ravenscar Profile.\n\n * Terminal styling is now available for the CLI and the TUI.\n\n * Removed support for old demangling styles arm, edg, gnu, hp and lucid.\n\n * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).\n\n - Implemented access to more POWER8 registers. [fate#326120, fate#325178]\n\n - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368]\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2493=1\");\n\n script_tag(name:\"affected\", value:\"'gdb' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb\", rpm:\"gdb~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-debuginfo\", rpm:\"gdb-debuginfo~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-debugsource\", rpm:\"gdb-debugsource~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-testresults\", rpm:\"gdb-testresults~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdbserver\", rpm:\"gdbserver~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdbserver-debuginfo\", rpm:\"gdbserver-debuginfo~8.3.1~lp150.2.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:30:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1010180"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852969", "type": "openvas", "title": "openSUSE: Security Advisory for gdb (openSUSE-SU-2019:2494-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852969\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-1010180\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:49:58 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for gdb (openSUSE-SU-2019:2494-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2494-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdb'\n package(s) announced via the openSUSE-SU-2019:2494-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gdb fixes the following issues:\n\n Update to gdb 8.3.1: (jsc#ECO-368)\n\n Security issues fixed:\n\n - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF\n sections larger than the file. (bsc#1142772)\n\n Upgrade libipt from v2.0 to v2.0.1.\n\n - Enable librpm for version > librpm.so.3 [bsc#1145692]:\n\n * Allow any librpm.so.x\n\n * Add %build test to check for 'zypper install <rpm-packagename>' message\n\n - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python,\n and use it for --without=python.\n\n Rebase to 8.3 release (as in fedora 30 @ 1e222a3).\n\n * DWARF index cache: GDB can now automatically save indices of DWARF\n symbols on disk to speed up further loading of the same binaries.\n\n * Ada task switching is now supported on aarch64-elf targets when\n debugging a program using the Ravenscar Profile.\n\n * Terminal styling is now available for the CLI and the TUI.\n\n * Removed support for old demangling styles arm, edg, gnu, hp and lucid.\n\n * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).\n\n - Implemented access to more POWER8 registers. [fate#326120, fate#325178]\n\n - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368]\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2494=1\");\n\n script_tag(name:\"affected\", value:\"'gdb' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb\", rpm:\"gdb~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-debuginfo\", rpm:\"gdb-debuginfo~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-debugsource\", rpm:\"gdb-debugsource~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdb-testresults\", rpm:\"gdb-testresults~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdbserver\", rpm:\"gdbserver~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gdbserver-debuginfo\", rpm:\"gdbserver-debuginfo~8.3.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:25:40", "description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-04T16:29:00", "title": "CVE-2018-20671", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20671"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:gnu:binutils:2.31.1"], "id": "CVE-2018-20671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:37", "description": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.", "edition": 12, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-07-24T13:15:00", "title": "CVE-2019-1010180", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1010180"], "modified": "2020-11-23T15:53:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2019-1010180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:17", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-15T02:29:00", "title": "CVE-2018-18309", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18309"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/a:gnu:binutils:2.31"], "id": "CVE-2018-18309", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18309", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:30", "description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "edition": 11, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T17:29:00", "title": "CVE-2018-1000876", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000876"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2018-1000876", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000876", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-10-03T13:20:17", "description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-23T17:29:00", "title": "CVE-2018-18607", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18607"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:netapp:data_ontap:-", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:binutils:2.31", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-18607", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18607", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:17", "description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-23T17:29:00", "title": "CVE-2018-18605", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18605"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:netapp:data_ontap:-", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:binutils:2.31", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-18605", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18605", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-11-03T13:28:24", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-26T14:15:00", "title": "CVE-2019-12972", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12972"], "modified": "2020-11-02T21:15:00", "cpe": ["cpe:/a:gnu:binutils:2.32"], "id": "CVE-2019-12972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12972", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:40", "description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-12-10T02:29:00", "title": "CVE-2018-20002", "type": "cve", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20002"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:f5:traffix_signaling_delivery_controller:5.1.0", "cpe:/a:gnu:binutils:2.31", "cpe:/a:netapp:vasa_provider:*", "cpe:/a:f5:traffix_signaling_delivery_controller:4.4.0"], "id": "CVE-2018-20002", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20002", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*", "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-11-03T13:28:30", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-10T17:15:00", "title": "CVE-2019-17451", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17451"], "modified": "2020-11-02T21:15:00", "cpe": ["cpe:/a:gnu:binutils:2.32"], "id": "CVE-2019-17451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17451", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:17", "description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-23T17:29:00", "title": "CVE-2018-18606", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18606"], "modified": "2019-10-31T01:15:00", "cpe": ["cpe:/o:netapp:data_ontap:-", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:binutils:2.31", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-18606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2020-07-27T05:34:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17450", "CVE-2019-14250", "CVE-2019-12972", "CVE-2019-17451", "CVE-2019-14444"], "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Binutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/binutils-2.33.1\"", "edition": 1, "modified": "2020-07-27T00:00:00", "published": "2020-07-27T00:00:00", "id": "GLSA-202007-39", "href": "https://security.gentoo.org/glsa/202007-39", "title": "Binutils: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-15T22:43:25", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010180"], "description": "### Background\n\ngdb is the GNU project\u2019s debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. \n\n### Description\n\nIt was discovered that gdb didn\u2019t properly validate the ELF section sizes from input file. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted ELF binary using gdb, possibly resulting in information disclosure or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll gdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/gdb-9.1\"", "edition": 1, "modified": "2020-03-15T00:00:00", "published": "2020-03-15T00:00:00", "id": "GLSA-202003-31", "href": "https://security.gentoo.org/glsa/202003-31", "title": "gdb: Buffer overflow", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-10-31T21:20:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17450", "CVE-2019-14250", "CVE-2019-12972", "CVE-2019-9075", "CVE-2019-9077", "CVE-2019-17451", "CVE-2019-9074", "CVE-2019-14444"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to version 2.35. (jsc#ECO-2373)\n\n Update to binutils 2.35:\n\n * The assembler can now produce DWARF-5 format line number tables.\n * Readelf now has a "lint" mode to enable extra checks of the files it is\n processing.\n * Readelf will now display "[...]" when it has to truncate a symbol name.\n The old behaviour - of displaying as many characters as possible, up to\n the 80 column limit - can be restored by the use of the\n --silent-truncation\n option.\n * The linker can now produce a dependency file listing the inputs that it\n has processed, much like the -M -MP option supported by the compiler.\n\n - fix DT_NEEDED order with -flto [bsc#1163744]\n\n\n Update to binutils 2.34:\n\n * The disassembler (objdump --disassemble) now has an option to generate\n ascii art thats show the arcs between that start and end points of\n control flow instructions.\n * The binutils tools now have support for debuginfod. Debuginfod is a\n HTTP service for distributing ELF/DWARF debugging information as well as\n source code. The tools can now connect to debuginfod servers in order\n to download debug information about the files that they are processing.\n * The assembler and linker now support the generation of ELF format files\n for the Z80 architecture.\n\n - Add new subpackages for libctf and libctf-nobfd.\n - Disable LTO due to bsc#1163333.\n - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka\n PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078\n\n - fix various build fails on aarch64 (PR25210, bsc#1157755).\n\n Update to binutils 2.33.1:\n\n * Adds support for the Arm Scalable Vector Extension version 2 (SVE2)\n instructions, the Arm Transactional Memory Extension (TME) instructions\n and the Armv8.1-M Mainline and M-profile Vector Extension (MVE)\n instructions.\n * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P\n processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,\n Cortex-A76AE, and Cortex-A77 processors.\n * Adds a .float16 directive for both Arm and AArch64 to allow encoding of\n 16-bit floating point literals.\n * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3\n LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure\n time option to set the default behavior. Set the default if the\n configure option is not used to "no".\n * The Cortex-A53 Erratum 843419 workaround now supports a choice of which\n workaround to use. The option --fix-cortex-a53-843419 now takes an\n optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be\n used to force a particular workaround to be used. See --help for AArch64\n for more details.\n * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and\n GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the\n AArch64 ELF linker.\n * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on inputs and use PLTs protected with BTI.\n * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.\n * Add --source-comment[=<txt>] option to objdump which if present,\n provides a prefix to source code lines displayed in a disassembly.\n * Add --set-section-alignment <section-name>=<power-of-2-align>\n option to objcopy to allow the changing of section alignments.\n * Add --verilog-data-width option to objcopy for verilog targets to\n control width of data elements in verilog hex format.\n * The separate debug info file options of readelf (--debug-dump=links and\n --debug-dump=follow) and objdump (--dwarf=links and\n --dwarf=follow-links) will now display and/or follow multiple links if\n more than one are present in a file. (This usually happens when gcc's\n -gsplit-dwarf option is used). In addition objdump's\n --dwarf=follow-links now also affects its\n other display options, so that for example, when combined with\n --syms it will cause the symbol tables in any linked debug info files to\n also be displayed. In addition when combined with\n --disassemble the --dwarf= follow-links option will ensure that any\n symbol tables in the linked files are read and used when disassembling\n code in the main file.\n * Add support for dumping types encoded in the Compact Type Format to\n objdump and readelf.\n - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka\n PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka\n CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405\n bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka\n CVE-2019-14250 aka PR90924\n\n * Add xBPF target\n * Fix various problems with DWARF 5 support in gas\n * fix nm -B for objects compiled with -flto and -fcommon.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-10-31T18:15:52", "published": "2020-10-31T18:15:52", "id": "OPENSUSE-SU-2020:1790-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-01T17:16:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17450", "CVE-2019-14250", "CVE-2019-12972", "CVE-2019-9075", "CVE-2019-9077", "CVE-2019-17451", "CVE-2019-9074", "CVE-2019-14444"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to version 2.35. (jsc#ECO-2373)\n\n Update to binutils 2.35:\n\n * The assembler can now produce DWARF-5 format line number tables.\n * Readelf now has a "lint" mode to enable extra checks of the files it is\n processing.\n * Readelf will now display "[...]" when it has to truncate a symbol name.\n The old behaviour - of displaying as many characters as possible, up to\n the 80 column limit - can be restored by the use of the\n --silent-truncation\n option.\n * The linker can now produce a dependency file listing the inputs that it\n has processed, much like the -M -MP option supported by the compiler.\n\n - fix DT_NEEDED order with -flto [bsc#1163744]\n\n\n Update to binutils 2.34:\n\n * The disassembler (objdump --disassemble) now has an option to generate\n ascii art thats show the arcs between that start and end points of\n control flow instructions.\n * The binutils tools now have support for debuginfod. Debuginfod is a\n HTTP service for distributing ELF/DWARF debugging information as well as\n source code. The tools can now connect to debuginfod servers in order\n to download debug information about the files that they are processing.\n * The assembler and linker now support the generation of ELF format files\n for the Z80 architecture.\n\n - Add new subpackages for libctf and libctf-nobfd.\n - Disable LTO due to bsc#1163333.\n - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka\n PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078\n\n - fix various build fails on aarch64 (PR25210, bsc#1157755).\n\n Update to binutils 2.33.1:\n\n * Adds support for the Arm Scalable Vector Extension version 2 (SVE2)\n instructions, the Arm Transactional Memory Extension (TME) instructions\n and the Armv8.1-M Mainline and M-profile Vector Extension (MVE)\n instructions.\n * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P\n processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,\n Cortex-A76AE, and Cortex-A77 processors.\n * Adds a .float16 directive for both Arm and AArch64 to allow encoding of\n 16-bit floating point literals.\n * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3\n LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure\n time option to set the default behavior. Set the default if the\n configure option is not used to "no".\n * The Cortex-A53 Erratum 843419 workaround now supports a choice of which\n workaround to use. The option --fix-cortex-a53-843419 now takes an\n optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be\n used to force a particular workaround to be used. See --help for AArch64\n for more details.\n * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and\n GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the\n AArch64 ELF linker.\n * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on inputs and use PLTs protected with BTI.\n * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.\n * Add --source-comment[=<txt>] option to objdump which if present,\n provides a prefix to source code lines displayed in a disassembly.\n * Add --set-section-alignment <section-name>=<power-of-2-align>\n option to objcopy to allow the changing of section alignments.\n * Add --verilog-data-width option to objcopy for verilog targets to\n control width of data elements in verilog hex format.\n * The separate debug info file options of readelf (--debug-dump=links and\n --debug-dump=follow) and objdump (--dwarf=links and\n --dwarf=follow-links) will now display and/or follow multiple links if\n more than one are present in a file. (This usually happens when gcc's\n -gsplit-dwarf option is used). In addition objdump's\n --dwarf=follow-links now also affects its\n other display options, so that for example, when combined with\n --syms it will cause the symbol tables in any linked debug info files to\n also be displayed. In addition when combined with\n --disassemble the --dwarf= follow-links option will ensure that any\n symbol tables in the linked files are read and used when disassembling\n code in the main file.\n * Add support for dumping types encoded in the Compact Type Format to\n objdump and readelf.\n - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka\n PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka\n CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405\n bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka\n CVE-2019-14250 aka PR90924\n\n * Add xBPF target\n * Fix various problems with DWARF 5 support in gas\n * fix nm -B for objects compiled with -flto and -fcommon.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-11-01T15:14:15", "published": "2020-11-01T15:14:15", "id": "OPENSUSE-SU-2020:1804-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-31T04:09:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n - riscv: Don't check ABI flags if no code section\n - Fixed a segfault in ld when building some versions of pacemaker\n (bsc#1154025, bsc#1154016).\n - Add avr, epiphany and rx to target_list so that the common binutils can\n handle all objects we can create with crosses (bsc#1152590).\n\n Update to binutils 2.32:\n\n * The binutils now support for the C-SKY processor series.\n * The x86 assembler now supports a -mvexwig=[0|1] option to control\n encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\n notes.\n * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\n Loongson EXTensions (EXT) instructions, the Loongson Content Address\n Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n (MMI) ASE.\n * The addr2line, c++filt, nm and objdump tools now have a default limit on\n the maximum amount of recursion that is allowed whilst demangling\n strings. This limit can be disabled if necessary.\n * Objdump's --disassemble option can now take a parameter, specifying the\n starting symbol for disassembly. Disassembly will continue from this\n symbol up to the next symbol or the end of the function.\n * The BFD linker will now report property change in linker map file when\n merging GNU properties.\n * The BFD linker's -t option now doesn't report members within archives,\n unless -t is given twice. This makes it more useful when generating a\n list of files that should be packaged for a linker bug report.\n * The GOLD linker has improved warning messages for relocations that refer\n to discarded sections.\n\n - Improve relro support on s390 [fate#326356]\n - Fix broken debug symbols (bsc#1118644)\n - Handle ELF compressed header alignment correctly.\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-31T00:14:06", "published": "2019-10-31T00:14:06", "id": "OPENSUSE-SU-2019:2415-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T00:01:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-18605", "CVE-2018-7570", "CVE-2018-17358", "CVE-2018-7569", "CVE-2018-17985", "CVE-2018-6872", "CVE-2019-1010180", "CVE-2018-17360", "CVE-2018-6543", "CVE-2018-19931", "CVE-2018-18483", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-6759", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2018-17359", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "This update for binutils fixes the following issues:\n\n binutils was updated to current 2.32 branch [jsc#ECO-368].\n\n Includes following security fixes:\n\n - CVE-2018-17358: Fixed invalid memory access in\n _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in\n opncls.c (bsc#1109413)\n - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in\n libbfd.c (bsc#1109414)\n - CVE-2018-17985: Fixed a stack consumption problem caused by the\n cplus_demangle_type (bsc#1116827)\n - CVE-2018-18309: Fixed an invalid memory address dereference was\n discovered in read_reloc in reloc.c (bsc#1111996)\n - CVE-2018-18483: Fixed get_count function provided by libiberty that\n allowed attackers to cause a denial of service or other unspecified\n impact (bsc#1112535)\n - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions\n provided by libiberty, caused by recursive stack frames (bsc#1112534)\n - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered\n in the function sec_merge_hash_lookup causing a denial of service\n (bsc#1113255)\n - CVE-2018-18606: Fixed a NULL pointer dereference in\n _bfd_add_merge_section when attempting to merge sections with large\n alignments, causing denial of service (bsc#1113252)\n - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd\n when used for finding STT_TLS symbols without any TLS section, causing\n denial of service (bsc#1113247)\n - CVE-2018-19931: Fixed a heap-based buffer overflow in\n bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by\n the IS_CONTAINED_BY_LMA (bsc#1118830)\n - CVE-2018-20623: Fixed a use-after-free in the error function in\n elfcomm.c (bsc#1121035)\n - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference\n in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based\n buffer overflow in load_specific_debug_section in objdump.c\n (bsc#1121056)\n - CVE-2018-1000876: Fixed integer overflow in\n bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in\n objdump (bsc#1120640)\n - CVE-2019-1010180: Fixed an out of bound memory access that could lead to\n crashes (bsc#1142772)\n\n - enable xtensa architecture (Tensilica lc6 and related)\n - Use -ffat-lto-objects in order to provide assembly for static libs\n (bsc#1141913).\n - Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n - riscv: Don't check ABI flags if no code section\n - Fixed a segfault in ld when building some versions of pacemaker\n (bsc#1154025, bsc#1154016).\n - Add avr, epiphany and rx to target_list so that the common binutils can\n handle all objects we can create with crosses (bsc#1152590).\n\n Update to binutils 2.32:\n\n * The binutils now support for the C-SKY processor series.\n * The x86 assembler now supports a -mvexwig=[0|1] option to control\n encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new\n -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property\n notes.\n * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the\n Loongson EXTensions (EXT) instructions, the Loongson Content Address\n Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions\n (MMI) ASE.\n * The addr2line, c++filt, nm and objdump tools now have a default limit on\n the maximum amount of recursion that is allowed whilst demangling\n strings. This limit can be disabled if necessary.\n * Objdump's --disassemble option can now take a parameter, specifying the\n starting symbol for disassembly. Disassembly will continue from this\n symbol up to the next symbol or the end of the function.\n * The BFD linker will now report property change in linker map file when\n merging GNU properties.\n * The BFD linker's -t option now doesn't report members within archives,\n unless -t is given twice. This makes it more useful when generating a\n list of files that should be packaged for a linker bug report.\n * The GOLD linker has improved warning messages for relocations that refer\n to discarded sections.\n\n - Improve relro support on s390 [fate#326356]\n - Fix broken debug symbols (bsc#1118644)\n - Handle ELF compressed header alignment correctly.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-11-05T21:18:30", "published": "2019-11-05T21:18:30", "id": "OPENSUSE-SU-2019:2432-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T04:03:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010180"], "description": "This update for gdb fixes the following issues:\n\n Update to gdb 8.3.1: (jsc#ECO-368)\n\n Security issues fixed:\n\n - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF\n sections larger than the file. (bsc#1142772)\n\n Upgrade libipt from v2.0 to v2.0.1.\n\n - Enable librpm for version > librpm.so.3 [bsc#1145692]:\n * Allow any librpm.so.x\n * Add %build test to check for "zypper install <rpm-packagename>" message\n\n - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python,\n and use it for --without=python.\n\n Rebase to 8.3 release (as in fedora 30 @ 1e222a3).\n\n * DWARF index cache: GDB can now automatically save indices of DWARF\n symbols on disk to speed up further loading of the same binaries.\n * Ada task switching is now supported on aarch64-elf targets when\n debugging a program using the Ravenscar Profile.\n * Terminal styling is now available for the CLI and the TUI.\n * Removed support for old demangling styles arm, edg, gnu, hp and lucid.\n * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).\n\n - Implemented access to more POWER8 registers. [fate#326120, fate#325178]\n - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368]\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-11-13T00:43:39", "published": "2019-11-13T00:43:39", "id": "OPENSUSE-SU-2019:2494-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", "title": "Security update for gdb (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T04:03:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010180"], "description": "This update for gdb fixes the following issues:\n\n Update to gdb 8.3.1: (jsc#ECO-368)\n\n Security issues fixed:\n\n - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF\n sections larger than the file. (bsc#1142772)\n\n Upgrade libipt from v2.0 to v2.0.1.\n\n - Enable librpm for version > librpm.so.3 [bsc#1145692]:\n * Allow any librpm.so.x\n * Add %build test to check for "zypper install <rpm-packagename>" message\n\n - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python,\n and use it for --without=python.\n\n Rebase to 8.3 release (as in fedora 30 @ 1e222a3).\n\n * DWARF index cache: GDB can now automatically save indices of DWARF\n symbols on disk to speed up further loading of the same binaries.\n * Ada task switching is now supported on aarch64-elf targets when\n debugging a program using the Ravenscar Profile.\n * Terminal styling is now available for the CLI and the TUI.\n * Removed support for old demangling styles arm, edg, gnu, hp and lucid.\n * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*).\n\n - Implemented access to more POWER8 registers. [fate#326120, fate#325178]\n - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368]\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-11-13T01:22:12", "published": "2019-11-13T01:22:12", "id": "OPENSUSE-SU-2019:2493-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", "title": "Security update for gdb (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "It was discovered that GNU binutils contained a large number of security \nissues. If a user or automated system were tricked into processing a \nspecially-crafted file, a remote attacker could cause GNU binutils to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 2, "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "USN-4336-1", "href": "https://ubuntu.com/security/notices/USN-4336-1", "title": "GNU binutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-05-15T05:08:22", "bulletinFamily": "software", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2019-14250, CVE-2019-12972, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.176.0\n * CF Deployment \n * All versions prior to v13.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.176.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4336-1/>)\n * [CVE-2018-1000876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876>)\n * [CVE-2018-10372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10372>)\n * [CVE-2018-10373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373>)\n * [CVE-2018-10534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534>)\n * [CVE-2018-10535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535>)\n * [CVE-2018-12641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641>)\n * [CVE-2018-12697](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697>)\n * [CVE-2018-12698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698>)\n * [CVE-2018-12699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699>)\n * [CVE-2018-12700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700>)\n * [CVE-2018-12934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934>)\n * [CVE-2018-13033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033>)\n * [CVE-2018-17358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358>)\n * [CVE-2018-17359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359>)\n * [CVE-2018-17360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360>)\n * [CVE-2018-17794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794>)\n * [CVE-2018-17985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985>)\n * [CVE-2018-18309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309>)\n * [CVE-2018-18483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483>)\n * [CVE-2018-18484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484>)\n * [CVE-2018-18605](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605>)\n * [CVE-2018-18606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606>)\n * [CVE-2018-18607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607>)\n * [CVE-2018-18700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700>)\n * [CVE-2018-18701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701>)\n * [CVE-2018-19931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931>)\n * [CVE-2018-19932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932>)\n * [CVE-2018-20002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002>)\n * [CVE-2018-20623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623>)\n * [CVE-2018-20651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651>)\n * [CVE-2018-20671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671>)\n * [CVE-2018-8945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945>)\n * [CVE-2018-9138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9138>)\n * [CVE-2019-9070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070>)\n * [CVE-2019-9071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071>)\n * [CVE-2019-9073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073>)\n * [CVE-2019-9074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074>)\n * [CVE-2019-9075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075>)\n * [CVE-2019-9077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077>)\n * [CVE-2019-14250](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250>)\n * [CVE-2019-12972](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12972>)\n * [CVE-2019-14444](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14444>)\n * [CVE-2019-17450](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17450>)\n * [CVE-2019-17451](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17451>)\n\n## History\n\n2020-04-22: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-05-14T00:00:00", "published": "2020-05-14T00:00:00", "id": "CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A", "href": "https://www.cloudfoundry.org/blog/usn-4336-1/", "title": "USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-06-04T23:28:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010180"], "description": "[8.2-11.0.1]\n- Import Implement s390x arch13 support (Andreas Krebbel, RH BZ 1768593).\n[8.2-8.0.2]\n- Forward-port patches from ol8-u1:\n gdb-ctf-forward-type.patch\n gdb-ctf-func-args.patch\n gdb-ctf-optout-var.patch\n- Reviewed-by: Jose E. Marchesi \n[8.2-8.0.1]\n- Forward-port patches from ol8-u1:\n gdb-ctf.patch\n gdb-ctf-upstream1.patch\n gdb-ctf-prfunc.patch\n- Reviewed-by: Jose E. Marchesi \n[8.2-8.el8]\n- Fix buffer overflow reading sections with invalid sizes\n (Keith Seitz, RH BZ 1742099)\n[8.2-7.el8]\n- Fix segfault that happens on parse_macro_definition because\n debugedit corrupts the .debug_macro section (Sergio Durigan Junior,\n RH BZ 1708192).", "edition": 1, "modified": "2020-05-05T00:00:00", "published": "2020-05-05T00:00:00", "id": "ELSA-2020-1635", "href": "http://linux.oracle.com/errata/ELSA-2020-1635.html", "title": "gdb security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-12T03:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17450"], "description": "[2.30-79.0.1]\n- Forward-port Oracle patches from 2.30-75.0.1\n- Reviewed-by: Jose E. Marchesi \n[2.30-79]\n- Fix x86 assemblers handling of non-8-bit displacements. (#1869401)\n[2.30-77]\n- Add tests missing from PT_GNU_SEGMENT patch. (#1870039)\n[2.30-75.0.1]\n- Forward-port Oracle patches to OL8.3 beta.\n[2.30-76]\n- Have the s.390 assembler include alignment hints with vector instructions. (#1850490)\n[2.30-75]\n- Prevent the s/390 linker from rewriting the GOT access for certain symbol types. (#1846972)", "edition": 1, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-4465", "href": "http://linux.oracle.com/errata/ELSA-2020-4465.html", "title": "binutils security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-04T23:29:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010204", "CVE-2019-17451"], "description": "[2.30-73.0.1]\n- Forward-port of Oracle patches from 2.30-68.0.2.\n- Reviewed-by: Elena Zannoni \n[2.30-68.0.2]\n- Backport the non-cycle-detecting-capable deduplicating CTF linker\n- Backport a fix for an upstream hashtab crash (no upstream bug number),\n triggered by the above.\n- Fix deduplication of ambiguously-named types in CTF.\n- CTF types without names are not ambiguously-named.\n- Stop the CTF_LINK_EMPTY_CU_MAPPINGS flag crashing.\n- Only emit ambiguous types as hidden if they are named and there is already\n a type with that name.\n- Make sure completely empty dicts get their header written out properly\n- Do not fail if adding anonymous struct/union members to structs/unions that\n already contain other anonymous members at a different offset\n- Correctly look up pointers to non-root-visible structures\n- Emit error messages in dumping into the dump stream\n- Do not abort early on dump-time errors\n- Elide likely duplicates (same name, same kind) within a single TU (cross-\n TU duplicate/ambiguous-type detection works as before).\n- Fix linking of the CTF variable section\n- Fix spurious conflicts of variables (also affects the nondeduplicating linker)\n- Defend against CUs without names\n- When linking only a single input file, set the output CTF CU name to the\n name of the input\n- Support cv-qualified bitfields\n- Fix off-by-one error in SHA-1 sizing\n[2.30-73]\n- Remove bogus assertion. (#1801879)\n[2.30-72]\n- Allow the BFD library to handle the copying of files containing secondary reloc sections. (#1801879)\n[2.30-68.0.1]\n- Ensure 8-byte alignment for AArch64 stubs.\n- Add CTF support to OL8: CTF machinery, including libctf.so and\n libctf-nonbfd.so. The linker does not yet deduplicate the CTF type section.\n- Backport of fix for upstream bug 23919, required by above\n- [Orabug: 30102938] [Orabug: 30102941]\n[2.30-71]\n- Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1779245)\n- Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information.\n[2.30-70]\n- Re-enable strip merging build notes. (#1777760)\n[2.30-69]\n- Fix linker testsuite failures triggered by annobin update.\n[2.30-68]\n- Backport H.J.Lus patch to add a workaround for the JCC Errata to the assembler. (#1777002)\n[2.30-67]\n- Fix a buffer overrun in the note merging code. (#1774507)\n[2.30-66]\n- Fix a seg-fault in gold when linking corrupt input files. (#1739254)\n[2.30-65]\n- NVR bump to allow rebuild with reverted version of glibc in the buildroot.\n[2.30-64]\n- Stop note merging with no effect from creating null filled note sections.\n[2.30-63]\n- Stop objcopy from generating a exit failure status when merging corrupt notes.\n[2.30-62]\n- Fix binutils testsuite failure introduced by -60 patch. (#1767711)\n[2.30-61]\n- Enable threading in the GOLD linker. (#1729225)\n- Add check to readelf in order to prevent an integer overflow.\n[2.30-60]\n- Add support for SVE Vector PCS on AArch64. (#1726637)\n- Add fixes for coverity test failures.\n- Improve objcopys ability to merge GNU build attribute notes.\n[2.30-59]\n- Stop the linker from merging groups with different settings of the SHF_EXCLUDE flag. (#1730906)", "edition": 1, "modified": "2020-05-05T00:00:00", "published": "2020-05-05T00:00:00", "id": "ELSA-2020-1797", "href": "http://linux.oracle.com/errata/ELSA-2020-1797.html", "title": "binutils security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-16T20:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000876", "CVE-2018-12697", "CVE-2018-12641"], "description": "[2.27-41.base.0.1]\n- Complete the backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598\n Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc error\n [Orabug 27930573]\n- Reviewed-by: Jose E. Marchesi \n[2.27-41.base]\n- Fix up some linker tests that fail because of the R_x86_64_GOTPCRELX patch. (#1699745)\n[2.27-40.base]\n- Enable gold for PowerPC and s390x. (#1670014)\n[2.27-39.base]\n- Fix a potential illegal memory access triggered by an integer overflow. (#1665884)\n[2.27-38.base]\n- Disable optimizations of x06_64 PLT entries. (#1624779)\n[2.27-37.base]\n- Add the .attach-to-group pseudo-op to the assembler. (#1652587)\n[2.27-36.base]\n- Prevent resource exhaustion attacks on libibertys name demangling code. (#1598561)\n[2.27-35.base]\n- Stop strip crashing when removing .comment sections. (#1644632)", "edition": 2, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2075", "href": "http://linux.oracle.com/errata/ELSA-2019-2075.html", "title": "binutils security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2020-04-30T19:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010180"], "description": "The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. \n\nSecurity Fix(es):\n\n* gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution (CVE-2019-1010180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "modified": "2020-04-28T14:46:29", "published": "2020-04-28T12:59:01", "id": "RHSA-2020:1635", "href": "https://access.redhat.com/errata/RHSA-2020:1635", "type": "redhat", "title": "(RHSA-2020:1635) Moderate: gdb security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-04T02:32:54", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17450"], "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: denial of service via crafted ELF file (CVE-2019-17450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "modified": "2020-11-04T05:06:09", "published": "2020-11-03T17:07:20", "id": "RHSA-2020:4465", "href": "https://access.redhat.com/errata/RHSA-2020:4465", "type": "redhat", "title": "(RHSA-2020:4465) Low: binutils security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-30T19:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1010204", "CVE-2019-17451"], "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c (CVE-2019-17451)\n\n* binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service (CVE-2019-1010204)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "modified": "2020-04-28T14:48:32", "published": "2020-04-28T13:17:47", "id": "RHSA-2020:1797", "href": "https://access.redhat.com/errata/RHSA-2020:1797", "type": "redhat", "title": "(RHSA-2020:1797) Low: binutils security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T00:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000876", "CVE-2018-12641", "CVE-2018-12697"], "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876)\n\n* binutils: Stack Exhaustion in the demangling functions provided by libiberty (CVE-2018-12641)\n\n* binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. (CVE-2018-12697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:45:43", "published": "2019-08-06T11:58:08", "id": "RHSA-2019:2075", "href": "https://access.redhat.com/errata/RHSA-2019:2075", "type": "redhat", "title": "(RHSA-2019:2075) Moderate: binutils security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000876", "CVE-2018-12697", "CVE-2018-12641"], "description": "**Issue Overview:**\n\nAn issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. ([CVE-2018-12641 __](<https://access.redhat.com/security/cve/CVE-2018-12641>))\n\nA NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. ([CVE-2018-12697 __](<https://access.redhat.com/security/cve/CVE-2018-12697>))\n\nbinutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. ([CVE-2018-1000876 __](<https://access.redhat.com/security/cve/CVE-2018-1000876>))\n\n \n**Affected Packages:** \n\n\nbinutils\n\n \n**Issue Correction:** \nRun _yum update binutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n binutils-2.29.1-29.amzn2.aarch64 \n binutils-devel-2.29.1-29.amzn2.aarch64 \n binutils-debuginfo-2.29.1-29.amzn2.aarch64 \n \n i686: \n binutils-2.29.1-29.amzn2.i686 \n binutils-devel-2.29.1-29.amzn2.i686 \n binutils-debuginfo-2.29.1-29.amzn2.i686 \n \n src: \n binutils-2.29.1-29.amzn2.src \n \n x86_64: \n binutils-2.29.1-29.amzn2.x86_64 \n binutils-devel-2.29.1-29.amzn2.x86_64 \n binutils-debuginfo-2.29.1-29.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-11-11T17:35:00", "published": "2019-11-11T17:35:00", "id": "ALAS2-2019-1358", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1358.html", "title": "Medium: binutils", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000876", "CVE-2018-12697", "CVE-2018-12641"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2075\n\n\nThe binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876)\n\n* binutils: Stack Exhaustion in the demangling functions provided by libiberty (CVE-2018-12641)\n\n* binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. (CVE-2018-12697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005818.html\n\n**Affected packages:**\nbinutils\nbinutils-devel\n\n**Upstream details at:**\n", "edition": 2, "modified": "2019-08-30T02:35:38", "published": "2019-08-30T02:35:38", "id": "CESA-2019:2075", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005818.html", "title": "binutils security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}