Headline
RHSA-2023:3269: Red Hat Security Advisory: devtoolset-12-binutils security update
An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.
- CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-23
Updated:
2023-05-23
RHSA-2023:3269 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: devtoolset-12-binutils security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for devtoolset-12-binutils is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
Security Fix(es):
- binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285)
- libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Server for IBM Power) 1 for RHEL 7 ppc64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2122627 - CVE-2021-3826 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
- BZ - 2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc
x86_64
devtoolset-12-binutils-2.36.1-6.el7.i686.rpm
SHA-256: 2e4b3c63018fe397c8d437ce37b416f9f714e4aafe9d5aeaf36a295a26a201c5
devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm
SHA-256: 5fe12e88032dc22bff9a7307c79cbb7a17786798edd37e74781130667c0fbc88
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm
SHA-256: ba96f77314e5f35377fa293a90d824341395c89af6f35289fe0333d35dc4cd1c
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm
SHA-256: ec9807fce02d671701f0d2eb3291185333d0b85c6ed064b935f882ab91dff62e
devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm
SHA-256: b342f716220f1f40b6f33466873a9ab41d9a1d67cb6069aca5930e45c3801114
devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm
SHA-256: ab89c16ee8067fe725b0ef1074299a1fab7881c80417f5e34fc3abb3e8626a13
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc
s390x
devtoolset-12-binutils-2.36.1-6.el7.s390x.rpm
SHA-256: 6c73b9b44991161bfaf63e83f3964fb634e7a6b77aae44af0c87078184db980c
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.s390x.rpm
SHA-256: 742417d9cac9611d56f3efebf0b176e1f453f07fbfe5758924677071345344f4
devtoolset-12-binutils-devel-2.36.1-6.el7.s390x.rpm
SHA-256: 92d8585dec31626d557a5b2c059c4b99095068f49b9c27f6cfe34520e7a7e4ac
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc
ppc64le
devtoolset-12-binutils-2.36.1-6.el7.ppc64le.rpm
SHA-256: aca5a582c7704a439fa9d66830c881f57d4e6d85108d591116d41f6fd50533e9
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64le.rpm
SHA-256: 4da64dddd68576c0f0145d97817be5d21d796007fd92213993744e7614bd5294
devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64le.rpm
SHA-256: cb376f47d3bc65a45cafe610e55a71a17787be350858072b5b115aee5d103438
Red Hat Software Collections (for RHEL Server for IBM Power) 1 for RHEL 7
SRPM
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc
ppc64
devtoolset-12-binutils-2.36.1-6.el7.ppc64.rpm
SHA-256: 3f7d73625389140efe86be690a2144203dc0302f5a6f437508e9999d70368e4f
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64.rpm
SHA-256: 851f0ad9a237a84589bb335529dd2b6a8ea9bf6238e59d83b77948d8da329a8d
devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64.rpm
SHA-256: 47d61571bd732af8bf9fae40eac426d12d686335905173006cc72af0745f9191
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
devtoolset-12-binutils-2.36.1-6.el7.src.rpm
SHA-256: 2555729277409f06f4083ed2b953b259fdfe42c8f7c1925e71a6bebf74257fbc
x86_64
devtoolset-12-binutils-2.36.1-6.el7.i686.rpm
SHA-256: 2e4b3c63018fe397c8d437ce37b416f9f714e4aafe9d5aeaf36a295a26a201c5
devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm
SHA-256: 5fe12e88032dc22bff9a7307c79cbb7a17786798edd37e74781130667c0fbc88
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm
SHA-256: ba96f77314e5f35377fa293a90d824341395c89af6f35289fe0333d35dc4cd1c
devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm
SHA-256: ec9807fce02d671701f0d2eb3291185333d0b85c6ed064b935f882ab91dff62e
devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm
SHA-256: b342f716220f1f40b6f33466873a9ab41d9a1d67cb6069aca5930e45c3801114
devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm
SHA-256: ab89c16ee8067fe725b0ef1074299a1fab7881c80417f5e34fc3abb3e8626a13
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.