RHSA-2023:2873: Red Hat Security Advisory: gcc-toolset-12-binutils security update

An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Red Hat Security Data

Issued:

2023-05-16

Updated:

2023-05-16

RHSA-2023:2873 - Security Advisory

Synopsis

Moderate: gcc-toolset-12-binutils security update

Type/Severity

Security Advisory: Moderate

Topic

An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

  • binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2142816 - addr2line from gcc-toolset-11-binutils having errors while compiling code using LTO and Dwarf5
  • BZ - 2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

gcc-toolset-12-binutils-2.38-17.el8.src.rpm

x86_64

gcc-toolset-12-binutils-2.38-17.el8.x86_64.rpm

gcc-toolset-12-binutils-debuginfo-2.38-17.el8.i686.rpm

gcc-toolset-12-binutils-debuginfo-2.38-17.el8.x86_64.rpm

gcc-toolset-12-binutils-devel-2.38-17.el8.i686.rpm

gcc-toolset-12-binutils-devel-2.38-17.el8.x86_64.rpm

gcc-toolset-12-binutils-gold-2.38-17.el8.x86_64.rpm

gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.i686.rpm

gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

gcc-toolset-12-binutils-2.38-17.el8.src.rpm

s390x

gcc-toolset-12-binutils-2.38-17.el8.s390x.rpm

gcc-toolset-12-binutils-debuginfo-2.38-17.el8.s390x.rpm

gcc-toolset-12-binutils-devel-2.38-17.el8.s390x.rpm

gcc-toolset-12-binutils-gold-2.38-17.el8.s390x.rpm

gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

gcc-toolset-12-binutils-2.38-17.el8.src.rpm

ppc64le

gcc-toolset-12-binutils-2.38-17.el8.ppc64le.rpm

gcc-toolset-12-binutils-debuginfo-2.38-17.el8.ppc64le.rpm

gcc-toolset-12-binutils-devel-2.38-17.el8.ppc64le.rpm

gcc-toolset-12-binutils-gold-2.38-17.el8.ppc64le.rpm

gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

gcc-toolset-12-binutils-2.38-17.el8.src.rpm

aarch64

gcc-toolset-12-binutils-2.38-17.el8.aarch64.rpm

gcc-toolset-12-binutils-debuginfo-2.38-17.el8.aarch64.rpm

gcc-toolset-12-binutils-devel-2.38-17.el8.aarch64.rpm

gcc-toolset-12-binutils-gold-2.38-17.el8.aarch64.rpm

gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.aarch64.rpm

Contact details for the Red Hat security team are available at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-6842-1

Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6544-1

Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Red Hat Security Advisory 2023-6236-01

Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.

Gentoo Linux Security Advisory 202309-15

Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.

Red Hat Security Advisory 2023-3269-01

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.

RHSA-2023:3269: Red Hat Security Advisory: devtoolset-12-binutils security update

An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service. * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of servi...

CVE-2022-4285: Invalid Bug ID

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.