Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-2558)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2019-2558 advisory.
Insight
Insight
The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.(CVE-2018-14038) _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.(CVE-2017-15225) _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.(CVE-2017-14938) A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18605) An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.(CVE-2018-9138) An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18607) An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.(CVE-2019-9074) An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.(CVE-2018-18606) bfd_get_debug_link_info_1 in opn ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'binutils' package(s) on Huawei EulerOS V2.0SP3.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).
Common Vulnerabilities and Exposures (CVE)
- CVE-2014-9939
- CVE-2017-12452
- CVE-2017-12453
- CVE-2017-12454
- CVE-2017-12456
- CVE-2017-12967
- CVE-2017-13710
- CVE-2017-14128
- CVE-2017-14129
- CVE-2017-14529
- CVE-2017-14930
- CVE-2017-14932
- CVE-2017-14934
- CVE-2017-14938
- CVE-2017-14939
- CVE-2017-14940
- CVE-2017-15021
- CVE-2017-15022
- CVE-2017-15024
- CVE-2017-15025
- CVE-2017-15225
- CVE-2017-15938
- CVE-2017-17080
- CVE-2017-17121
- CVE-2017-17122
- CVE-2017-17123
- CVE-2017-17124
- CVE-2017-6969
- CVE-2017-7210
- CVE-2017-7223
- CVE-2017-7224
- CVE-2017-7225
- CVE-2017-7226
- CVE-2017-7227
- CVE-2017-7299
- CVE-2017-7300
- CVE-2017-7301
- CVE-2017-7614
- CVE-2017-8394
- CVE-2017-8395
- CVE-2017-8421
- CVE-2017-9038
- CVE-2017-9039
- CVE-2017-9041
- CVE-2017-9745
- CVE-2017-9750
- CVE-2017-9751
- CVE-2017-9755
- CVE-2017-9954
- CVE-2018-14038
- CVE-2018-18605
- CVE-2018-18606
- CVE-2018-18607
- CVE-2018-20002
- CVE-2018-6323
- CVE-2018-6759
- CVE-2018-9138
- CVE-2019-9074