binutils-2.30-75.el8

Errata ID: AXSA:2020-361:08

Release date: Tuesday, September 15, 2020 - 13:28
Subject: binutils-2.30-75.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the ar,
as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and
addr2line utilities.

Security Fix(es):

* binutils: integer overflow leading to a SEGV in
_bfd_dwarf2_find_nearest_line in dwarf2.c (CVE-2019-17451)

* binutils: Improper Input Validation, Signed/Unsigned Comparison,
Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial
of service (CVE-2019-1010204)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

- Stop the BFD library from issuing warning messages about allocated sections
being found outside of loadable segments. (#1630115)
- Fix linker testsuite failures for the aarch64 and s390x targets. (#1632775,
#1809101)
- Fix building the binutils with address sanitization enabled. (#1678323)
- Add support for the PT_GNU_PROPERTY segment. (#1721606)
- Fix an internal error in the GOLD linker. (#1722715)
- Fix the generation of corrupt .note.gnu.property notes. (#1723533)
- Stop objcopy's --set-section-flags option from setting the 'shared' flag on
non-COFF binaries. (#1807308)
- Fix a bug in the secondary reloc processing code. (#1809186)
- Prevent the s/390 linker from rewriting the GOT access for certain symbol
types. (#1846972)

CVE-2019-1010204
GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by:
Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The
impact is: Denial of service. The component is: gold/fileread.cc:497,
elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid
e_shoff header field must be opened.

CVE-2019-17451
An issue was discovered in the Binary File Descriptor (BFD) library (aka
libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading
to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
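
The kind of input validation that the CVE-2019-1010204 description above concerns, shown as an added example; it is not the binutils/gold patch and not code from this advisory. It checks e_shoff against the file size with unsigned, overflow-safe arithmetic before any section header is read. The function names, return codes and sample header are constructed for illustration; only 64-bit little-endian ELF is handled, and extended section numbering is out of scope.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets in a 64-bit little-endian ELF header (ELF specification). */
#define EHDR64_SIZE   64u
#define OFF_SHOFF     0x28u
#define OFF_SHENTSIZE 0x3Au
#define OFF_SHNUM     0x3Cu

static uint64_t rd_le(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}
static void wr_le(unsigned char *p, uint64_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Return 0 when the section header table lies inside the file, else < 0. */
int check_shdr_table(const unsigned char *hdr, size_t hdr_len, uint64_t file_size) {
    if (hdr_len < EHDR64_SIZE || file_size < EHDR64_SIZE) return -1;  /* truncated */
    if (memcmp(hdr, "\x7f" "ELF", 4) != 0 || hdr[4] != 2 || hdr[5] != 1)
        return -2;                                  /* not ELF64 little-endian */
    uint64_t shoff   = rd_le(hdr + OFF_SHOFF, 8);
    uint64_t entsize = rd_le(hdr + OFF_SHENTSIZE, 2);
    uint64_t shnum   = rd_le(hdr + OFF_SHNUM, 2);
    if (shoff == 0) return shnum == 0 ? 0 : -3;     /* no table, so no entries */
    /* Unsigned compare: an offset with the top bit set cannot pass as negative. */
    if (shoff > file_size) return -4;
    /* Both factors are 16-bit, so the product cannot wrap; compare it with the
       bytes left after shoff instead of computing shoff + size, which could. */
    if (entsize * shnum > file_size - shoff) return -5;
    return 0;
}

/* Constructed sample: a minimal header carrying only the fields under test. */
int check_sample(uint64_t shoff, uint16_t entsize, uint16_t shnum, uint64_t file_size) {
    unsigned char h[EHDR64_SIZE] = { 0x7f, 'E', 'L', 'F', 2, 1, 1 };
    wr_le(h + OFF_SHOFF, shoff, 8);
    wr_le(h + OFF_SHENTSIZE, entsize, 2);
    wr_le(h + OFF_SHNUM, shnum, 2);
    return check_shdr_table(h, sizeof h, file_size);
}

int main(void) {
    printf("%d %d\n", check_sample(0x1000, 64, 10, 0x2000), check_sample(0x1F00, 64, 10, 0x2000));
    return 0;
}
```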

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. binutils-2.30-75.el8.src.rpm
    MD5: 97283ab9922487a50e0f4c559beb7753
    SHA-256: b2a5d72250d033e968ff78c29f8d3932855c3ec0efbebb74dc4188d0c5b1b483
    Size: 19.77 MB

Asianux Server 8 for x86_64
  1. binutils-2.30-75.el8.x86_64.rpm
    MD5: be1e357f38e82cf27a2c334221968532
    SHA-256: 3dec2893803da40d787f270030c6ee5e4874789f30b6155757d6401145e4fbbb
    Size: 5.74 MB
  2. binutils-devel-2.30-75.el8.x86_64.rpm
    MD5: 2092003fcbc8dd5377cfd52cfc74d84c
    SHA-256: 5e453082464d93c1a87751efba1e3df4a970c1476248dd2c71774eecfef3b866
    Size: 0.99 MB
  3. binutils-devel-2.30-75.el8.i686.rpm
    MD5: 9ec912d65afaa973493da3aec3601ae8
    SHA-256: 432dd5de8acabd13c624efc2d667a95d773f546a176c7047fbf9eb8c778a90a0
    Size: 1.08 MB