Все бюллетени/sisyphus_e2k/ALT-PU-2023-2815-1
ALT-PU-2023-2815-1

Обновление пакета binutils в ветке sisyphus_e2k

Версия2.36-alt2.E2K.26.012
Задание#0
Опубликовано2023-03-11
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (8)

BDU:2022-05843
MEDIUM6.5

Уязвимость функции read_section() компонента dwarf2.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-09-21Изменено: 2022-10-20
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2020-16590
MEDIUM5.5

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

Опубликовано: 2020-12-09Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки
CVE-2020-16591
MEDIUM5.5

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

Опубликовано: 2020-12-09Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки
CVE-2020-16593
MEDIUM5.5

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

Опубликовано: 2020-12-09Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки
CVE-2020-16599
MEDIUM5.5

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Опубликовано: 2020-12-09Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки
CVE-2021-20197
MEDIUM6.3

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

Опубликовано: 2021-03-26Изменено: 2025-12-03
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Ссылки
CVE-2021-20294
HIGH7.8

A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

Опубликовано: 2021-04-29Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ссылки
CVE-2021-3487
NONE

Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt

Опубликовано: 2021-04-15Изменено: 2023-11-20