RHSA-2023:2873: Red Hat Security Advisory: gcc-toolset-12-binutils security update
An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Issued: 2023-05-16
Updated: 2023-05-16
RHSA-2023:2873 - Security Advisory
Synopsis
Moderate: gcc-toolset-12-binutils security update
Type/Severity
Security Advisory: Moderate
Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
Security Fix(es):
- binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2142816 - addr2line from gcc-toolset-11-binutils having errors while compiling code using LTO and Dwarf5
- BZ - 2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
gcc-toolset-12-binutils-2.38-17.el8.src.rpm
SHA-256: 503f50f35dbdabf291a35b21309191cb0b761156b794c380ee06b79faaa16152
x86_64
gcc-toolset-12-binutils-2.38-17.el8.x86_64.rpm
SHA-256: 8207ccc900d348cc0d5c6826e72e421a946e14d2903bda5aee079baf1543a261
gcc-toolset-12-binutils-debuginfo-2.38-17.el8.i686.rpm
SHA-256: 6088b8a3cddd8ac2aba52a9bda53136c6ba235e76fef40316471b2e4d92bbb7c
gcc-toolset-12-binutils-debuginfo-2.38-17.el8.x86_64.rpm
SHA-256: 15c67a9bf5f27294c515dae3f37504d054347f98c37aa2781f0dd0e20e021490
gcc-toolset-12-binutils-devel-2.38-17.el8.i686.rpm
SHA-256: 867562e4e5ceb8a6ec2261b20c4839587c8a505cd5362ce8a805cb971a72d45e
gcc-toolset-12-binutils-devel-2.38-17.el8.x86_64.rpm
SHA-256: 1470b968ec94426ab04158218d742766b18dcd34d3af0328b7b3b5198e8c73a1
gcc-toolset-12-binutils-gold-2.38-17.el8.x86_64.rpm
SHA-256: 97e4081d2b5decbeffea596b0d3e6cade85926f33a09e45011c7f07642026dc4
gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.i686.rpm
SHA-256: e1061e279bd1c349c69d338942e2415f46d74214d9c01289c8440ea3c1811531
gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.x86_64.rpm
SHA-256: 5af62c696e9f02bdbd03d6255291db67f30922a9c6f757de99795f8da4164c00
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
gcc-toolset-12-binutils-2.38-17.el8.src.rpm
SHA-256: 503f50f35dbdabf291a35b21309191cb0b761156b794c380ee06b79faaa16152
s390x
gcc-toolset-12-binutils-2.38-17.el8.s390x.rpm
SHA-256: 09bcdda4dc04b419482d8d1550ff3c8a72d2d4baeeca36e595704757a251212c
gcc-toolset-12-binutils-debuginfo-2.38-17.el8.s390x.rpm
SHA-256: 09a25d3f40795f949f29f7e6c49c52f992e8c1b7ed5d5b1a72ad972b87ca296d
gcc-toolset-12-binutils-devel-2.38-17.el8.s390x.rpm
SHA-256: 6a34b93f98e4ec9bf2b3e73c5be797eacb404d23890d071daaa932772407645f
gcc-toolset-12-binutils-gold-2.38-17.el8.s390x.rpm
SHA-256: a7ad85c45dd64bde899eab045fa58b49e2ab847e40af0da78445c866a2e4f55c
gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.s390x.rpm
SHA-256: 85b043735d82d7800b6749a11d5b83940ef628aa42b92f19f7b1e3c72a555172
Red Hat Enterprise Linux for Power, little endian 8
SRPM
gcc-toolset-12-binutils-2.38-17.el8.src.rpm
SHA-256: 503f50f35dbdabf291a35b21309191cb0b761156b794c380ee06b79faaa16152
ppc64le
gcc-toolset-12-binutils-2.38-17.el8.ppc64le.rpm
SHA-256: 616a09ec60bd55045774984e43162d7eb6a3bb0693e6012a20c5154ef068b222
gcc-toolset-12-binutils-debuginfo-2.38-17.el8.ppc64le.rpm
SHA-256: 84d8e23d3465cbec2253280b3b19663c6fd0931a3784e9326197b09977fa8d9d
gcc-toolset-12-binutils-devel-2.38-17.el8.ppc64le.rpm
SHA-256: 21b72fea49601d2564558857baa849e746e8dc7e64a35d90d43de8d6495a7ee7
gcc-toolset-12-binutils-gold-2.38-17.el8.ppc64le.rpm
SHA-256: 4fc0d14af599bebffb7069838fa433afcf23d2915094bbf9445aa19eb1dae9a0
gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.ppc64le.rpm
SHA-256: cf9f9ad97d7809db784ba82952cb042099eef8fddab14416576ca091ecb1fc08
Red Hat Enterprise Linux for ARM 64 8
SRPM
gcc-toolset-12-binutils-2.38-17.el8.src.rpm
SHA-256: 503f50f35dbdabf291a35b21309191cb0b761156b794c380ee06b79faaa16152
aarch64
gcc-toolset-12-binutils-2.38-17.el8.aarch64.rpm
SHA-256: b0290ff6c27d8e1039c016c129d397fb06e674797254dea41cdf41f89fb432aa
gcc-toolset-12-binutils-debuginfo-2.38-17.el8.aarch64.rpm
SHA-256: f3a47f56ce6f3a57e3cbf24d2f6e13bc0af09a0aa9304e0bbdad137065e11379
gcc-toolset-12-binutils-devel-2.38-17.el8.aarch64.rpm
SHA-256: 755980e7dd31c6e06aa7ecd49af978b3c5c3cfc9e8346d1579c1dda82d3c1d47
gcc-toolset-12-binutils-gold-2.38-17.el8.aarch64.rpm
SHA-256: 781d41caf09acd166b7b936fd9a49f0e191ccd637f1fdbe1a407f5179045cbda
gcc-toolset-12-binutils-gold-debuginfo-2.38-17.el8.aarch64.rpm
SHA-256: dc3dcba6b48107a1683da3b94461e4a5435245af24c644c892473b0014db262b
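One way to triage hosts against the fixed build listed above (gcc-toolset-12-binutils 2.38-17.el8), as an added example that is not part of the advisory or Red Hat tooling. The host names and installed versions are constructed, and the comparison follows RPM's segment-wise ordering but does not handle `~` or `^` in versions.

```python
import re

# Fixed build taken from the advisory's package list; all other data is constructed.
PACKAGE = "gcc-toolset-12-binutils"
FIXED_EVR = "2.38-17.el8"

def _vercmp(a, b):
    """Segment-wise compare in the style of rpmvercmp (no '~' or '^' handling)."""
    seg_a, seg_b = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # compare numerically, so 9 < 17
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def _split_evr(evr):
    epoch, _, rest = evr.rpartition(":")      # a missing epoch counts as 0
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a, b):
    ea, va, ra = _split_evr(a)
    eb, vb, rb = _split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _vercmp(va, vb) or _vercmp(ra, rb)

def needs_update(nvra):
    """True if an `rpm -q` style name-version-release.arch string predates the fix."""
    nvr, _, _arch = nvra.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name.startswith(PACKAGE) and compare_evr(f"{version}-{release}", FIXED_EVR) < 0

# Constructed inventory of (host, `rpm -q` output); not real systems.
INVENTORY = [
    ("build01", "gcc-toolset-12-binutils-2.38-16.el8.x86_64"),
    ("build02", "gcc-toolset-12-binutils-2.38-17.el8.x86_64"),
    ("build03", "gcc-toolset-12-binutils-gold-2.38-9.el8.aarch64"),
    ("build04", "binutils-2.30-119.el8.x86_64"),
]

def hosts_to_patch(inventory):
    return sorted({host for host, nvra in inventory if needs_update(nvra)})

if __name__ == "__main__":
    print(hosts_to_patch(INVENTORY))
```

The base `binutils` package in the sample is ignored on purpose: this advisory covers only the gcc-toolset-12-binutils packages.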
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service. * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of servi...