AXSA:2021-1090:01

Release date: 
Wednesday, January 6, 2021 - 04:44
Subject: 
binutils-2.30-79.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: denial of service via crafted ELF file (CVE-2019-17450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.3 Release Notes linked from the References section.

CVE-2019-17450
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. binutils-2.30-79.el8.src.rpm
    MD5: 61a7397575989724ba4e17dcff3131a1
    SHA-256: d1c4ef0b7a7ac5873a337d29ca1cd341f2013a0a3a7c5f04f32938a29427a462
    Size: 19.77 MB

Asianux Server 8 for x86_64
  1. binutils-2.30-79.el8.x86_64.rpm
    MD5: 34d95d01a227af0a84bc1bb9322f444e
    SHA-256: c4e01e5dde5db5a20cad437dc1d0cddfec400a12e5c7a10fe3c8d2cd8193f61e
    Size: 5.67 MB
  2. binutils-devel-2.30-79.el8.x86_64.rpm
    MD5: adaccaa08b5f7c940cbb0dbe451163d8
    SHA-256: 4e472d6a64fc7eb09bb9dec6ab9590387bd7caee8f7d93560e022b32a785e5d7
    Size: 0.99 MB
  3. binutils-devel-2.30-79.el8.i686.rpm
    MD5: c5deab06231284cae0a7260a5b7730df
    SHA-256: 9a11bbe647bb35a7fe0c3198bf0e99b2464bbfbf27f73ea271d5c7c82fdb96c9
    Size: 1.08 MB
Copyright© 2007-2015 Asianux. All rights reserved.