Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2450)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2019-2450 advisory.
Insight
Insight
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.(CVE-2018-9138) The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.(CVE-2017-8395) _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.(CVE-2017-14938) opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution.(CVE-2017-9751) elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a 'member access within null pointer' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an 'int main() {return 0, }' program.(CVE-2017-7614) A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605) An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606) An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed i ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'binutils' package(s) on Huawei EulerOS V2.0SP2.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).
Common Vulnerabilities and Exposures (CVE)
- CVE-2014-9939
- CVE-2017-12449
- CVE-2017-12451
- CVE-2017-12452
- CVE-2017-12453
- CVE-2017-12454
- CVE-2017-12455
- CVE-2017-12456
- CVE-2017-12457
- CVE-2017-12458
- CVE-2017-12967
- CVE-2017-13710
- CVE-2017-14128
- CVE-2017-14129
- CVE-2017-14529
- CVE-2017-14930
- CVE-2017-14932
- CVE-2017-14934
- CVE-2017-14938
- CVE-2017-14939
- CVE-2017-14940
- CVE-2017-15021
- CVE-2017-15022
- CVE-2017-15024
- CVE-2017-15025
- CVE-2017-15225
- CVE-2017-17080
- CVE-2017-17121
- CVE-2017-17122
- CVE-2017-17123
- CVE-2017-17124
- CVE-2017-6969
- CVE-2017-7210
- CVE-2017-7223
- CVE-2017-7224
- CVE-2017-7225
- CVE-2017-7226
- CVE-2017-7227
- CVE-2017-7299
- CVE-2017-7300
- CVE-2017-7301
- CVE-2017-7614
- CVE-2017-8394
- CVE-2017-8395
- CVE-2017-9038
- CVE-2017-9039
- CVE-2017-9041
- CVE-2017-9745
- CVE-2017-9750
- CVE-2017-9751
- CVE-2017-9755
- CVE-2017-9954
- CVE-2018-14038
- CVE-2018-18605
- CVE-2018-18606
- CVE-2018-18607
- CVE-2018-20002
- CVE-2018-6759
- CVE-2018-9138
- CVE-2019-1010204
- CVE-2019-9074