RHSA-2023:3269: Red Hat Security Advisory: devtoolset-12-binutils security update

An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.
  • CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Issued: 2023-05-23

Updated: 2023-05-23

RHSA-2023:3269 - Security Advisory


Synopsis

Moderate: devtoolset-12-binutils security update

Type/Severity

Security Advisory: Moderate


Topic

An update for devtoolset-12-binutils is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

  • binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285)
  • libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Server for IBM Power) 1 for RHEL 7 ppc64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2122627 - CVE-2021-3826 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
  • BZ - 2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM

devtoolset-12-binutils-2.36.1-6.el7.src.rpm

SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc

x86_64

devtoolset-12-binutils-2.36.1-6.el7.i686.rpm

SHA-256: 2e4b3c63018fe397c8d437ce37b416f9f714e4aafe9d5aeaf36a295a26a201c5

devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm

SHA-256: 5fe12e88032dc22bff9a7307c79cbb7a17786798edd37e74781130667c0fbc88

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm

SHA-256: ba96f77314e5f35377fa293a90d824341395c89af6f35289fe0333d35dc4cd1c

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm

SHA-256: ec9807fce02d671701f0d2eb3291185333d0b85c6ed064b935f882ab91dff62e

devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm

SHA-256: b342f716220f1f40b6f33466873a9ab41d9a1d67cb6069aca5930e45c3801114

devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm

SHA-256: ab89c16ee8067fe725b0ef1074299a1fab7881c80417f5e34fc3abb3e8626a13

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM

devtoolset-12-binutils-2.36.1-6.el7.src.rpm

SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc

s390x

devtoolset-12-binutils-2.36.1-6.el7.s390x.rpm

SHA-256: 6c73b9b44991161bfaf63e83f3964fb634e7a6b77aae44af0c87078184db980c

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.s390x.rpm

SHA-256: 742417d9cac9611d56f3efebf0b176e1f453f07fbfe5758924677071345344f4

devtoolset-12-binutils-devel-2.36.1-6.el7.s390x.rpm

SHA-256: 92d8585dec31626d557a5b2c059c4b99095068f49b9c27f6cfe34520e7a7e4ac

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM

devtoolset-12-binutils-2.36.1-6.el7.src.rpm

SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc

ppc64le

devtoolset-12-binutils-2.36.1-6.el7.ppc64le.rpm

SHA-256: aca5a582c7704a439fa9d66830c881f57d4e6d85108d591116d41f6fd50533e9

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64le.rpm

SHA-256: 4da64dddd68576c0f0145d97817be5d21d796007fd92213993744e7614bd5294

devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64le.rpm

SHA-256: cb376f47d3bc65a45cafe610e55a71a17787be350858072b5b115aee5d103438

Red Hat Software Collections (for RHEL Server for IBM Power) 1 for RHEL 7

SRPM

devtoolset-12-binutils-2.36.1-6.el7.src.rpm

SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc

ppc64

devtoolset-12-binutils-2.36.1-6.el7.ppc64.rpm

SHA-256: 3f7d73625389140efe86be690a2144203dc0302f5a6f437508e9999d70368e4f

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64.rpm

SHA-256: 851f0ad9a237a84589bb335529dd2b6a8ea9bf6238e59d83b77948d8da329a8d

devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64.rpm

SHA-256: 47d61571bd732af8bf9fae40eac426d12d686335905173006cc72af0745f9191

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM

devtoolset-12-binutils-2.36.1-6.el7.src.rpm

SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc

x86_64

devtoolset-12-binutils-2.36.1-6.el7.i686.rpm

SHA-256: 2e4b3c63018fe397c8d437ce37b416f9f714e4aafe9d5aeaf36a295a26a201c5

devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm

SHA-256: 5fe12e88032dc22bff9a7307c79cbb7a17786798edd37e74781130667c0fbc88

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm

SHA-256: ba96f77314e5f35377fa293a90d824341395c89af6f35289fe0333d35dc4cd1c

devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm

SHA-256: ec9807fce02d671701f0d2eb3291185333d0b85c6ed064b935f882ab91dff62e

devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm

SHA-256: b342f716220f1f40b6f33466873a9ab41d9a1d67cb6069aca5930e45c3801114

devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm

SHA-256: ab89c16ee8067fe725b0ef1074299a1fab7881c80417f5e34fc3abb3e8626a13
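The check a practitioner wants after reading the package list above is whether an installed devtoolset-12-binutils build is older than the fixed 2.36.1-6.el7. The following is an added example, not Red Hat's code or part of the advisory: it reimplements rpm's version ordering (rpmvercmp) in Python so the comparison can be done off-host on collected inventory, and goes slightly beyond this advisory by also handling epochs and tilde pre-release tags. It assumes epoch 0 for the fixed build and that the caller supplies installed version-release strings (for example from `rpm -q`).

```python
import re

# Fixed build from this advisory: devtoolset-12-binutils-2.36.1-6.el7 (epoch 0 assumed).
FIXED_EVR = "0:2.36.1-6.el7"

def rpmvercmp(a, b):
    """Order RPM version/release strings like rpm's rpmvercmp: numeric segments
    compare as integers, alphabetic as strings, numeric beats alphabetic, '~' sorts first."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):  # skip separators
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:  # a tilde loses even to end-of-string (pre-release)
            if a_tilde and b_tilde:
                i, j = i + 1, j + 1
                continue
            return -1 if a_tilde else 1
        if i >= len(a) or j >= len(b):
            break
        pattern = r"\d+" if a[i].isdigit() else r"[A-Za-z]+"
        seg_a, m = re.match(pattern, a[i:]).group(0), re.match(pattern, b[j:])
        if m is None:  # segment types differ: the numeric one is newer
            return 1 if pattern == r"\d+" else -1
        seg_b = m.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if pattern == r"\d+":
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    return (i < len(a)) - (j < len(b))  # whichever still has segments left is newer

def parse_evr(evr):
    epoch, sep, rest = evr.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", evr)  # missing epoch counts as 0
    version, sep, release = rest.rpartition("-")
    return (epoch, version, release) if sep else (epoch, rest, "")

def evr_compare(a, b):
    """Compare two 'epoch:version-release' strings; negative means a is older than b."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    return rpmvercmp(ea, eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_affected(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build is older than this advisory's fixed build."""
    return evr_compare(installed_evr, fixed_evr) < 0
```

Feed it the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' devtoolset-12-binutils`, prefixing the epoch only when the package declares one; a build such as 2.36.1-6.el7_9 or an epoch-bumped package correctly reports as not affected.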

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
