Synopsis: Low: binutils security, bug fix, and enhancement update
Advisory ID: SLSA-2018:3032-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-7208
CVE-2018-7568
CVE-2018-7569
CVE-2018-7642
CVE-2018-7643
CVE-2018-8945
CVE-2018-10372
CVE-2018-10373
CVE-2018-10534
CVE-2018-10535
CVE-2018-13033
—
Security Fix(es):
* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()
allows for denial of service when parsing a crafted COFF file
(CVE-2018-7208)
* binutils: integer overflow via an ELF file with corrupt dwarf1 debug
information in libbfd library (CVE-2018-7568)
* binutils: integer underflow or overflow via an ELF file with a corrupt
DWARF FORM block in libbfd library (CVE-2018-7569)
* binutils: NULL pointer dereference in swap_std_reloc_in function in
aoutx.h resulting in crash (CVE-2018-7642)
* binutils: Integer overflow in the display_debug_ranges function
resulting in crash (CVE-2018-7643)
* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
(CVE-2018-8945)
* binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index()
allows for denial of service via crafted file (CVE-2018-10372)
* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows
for denial of service via crafted file (CVE-2018-10373)
* binutils: out of bounds memory write in peXXigen.c files
(CVE-2018-10534)
* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)
* binutils: Uncontrolled Resource Consumption in execution of nm
(CVE-2018-13033)
—
SL7
x86_64
binutils-2.27-34.base.el7.x86_64.rpm
binutils-debuginfo-2.27-34.base.el7.x86_64.rpm
binutils-debuginfo-2.27-34.base.el7.i686.rpm
binutils-devel-2.27-34.base.el7.i686.rpm
binutils-devel-2.27-34.base.el7.x86_64.rpm
– Scientific Linux Development Team