binutils-2.30-108.el8

Errata ID: AXSA:2021-2582:05

Release date: 
Thursday, December 9, 2021 - 13:32
Subject: 
binutils-2.30-108.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)
* binutils: Race window allows users to own arbitrary files (CVE-2021-20197)
* binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)
* binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-35448
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVE-2021-20197
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVE-2021-20284
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c because the number of symbols is not calculated correctly. The highest threat from this vulnerability is to system availability.
CVE-2021-3487
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. binutils-2.30-108.el8.src.rpm
    MD5: 4c29b7d0574b12b31e7b0107a557965d
    SHA-256: 061e3f353c5277e84ff1bf8de295c13d789079a45d7713a0a7b934689ab29854
    Size: 20.01 MB

Asianux Server 8 for x86_64
  1. binutils-2.30-108.el8.x86_64.rpm
    MD5: f0a86eb5400f8929206155196ccd8191
    SHA-256: 46f7320f82377b4871207cbd747e92bacea74800f1a415230d43394c2e3bac5f
    Size: 5.80 MB
  2. binutils-devel-2.30-108.el8.x86_64.rpm
    MD5: e2f0763999812752da76c15d5402cfdb
    SHA-256: e2672c78a62ec60769034c4d86c4137376fa53d4c021fc2da427af762a74e1c0
    Size: 3.66 MB
  3. binutils-devel-2.30-108.el8.i686.rpm
    MD5: 80b3f52ab9b2926ca2726815f089a2cb
    SHA-256: f0e2934387e74526b4bdae04b4b988fafc2ba43a3a7e7704e8aeafc6c8367acf
    Size: 3.51 MB