OVAL Reference oval:org.opensuse.security:def:58183

Oval Definition:

oval:org.opensuse.security:def:58183

Revision Date:	2020-12-01	Version:	1
Title:	Security update for binutils (Moderate)
Description:	This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0\|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes\|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly.
Family:	unix	Class:	patch
Status:		Reference(s):	1010201 1012382 1012829 1017461 1020645 1021424 1022595 1022600 1022914 1024412 1025461 1027301 1028971 1029907 1029908 1029909 1030061 1030296 1030297 1030298 1030584 1030585 1030588 1030589 1031590 1031593 1031595 1031638 1031644 1031656 1031717 1032029 1033238 1034048 1037052 1037057 1037061 1037066 1037120 1037273 1037890 1040153 1040968 1043900 1044891 1044897 1044901 1044909 1044925 1044927 1045290 1046107 1046750 1050060 1050231 1053919 1055567 1056003 1056365 1056427 1056979 1057199 1058135 1059863 1060333 1060682 1060985 1061451 1061756 1062520 1062941 1062962 1063026 1063460 1063475 1063501 1063509 1063516 1063520 1063695 1064206 1064701 1064926 1065180 1065600 1065639 1065643 1065689 1065692 1065693 1065717 1065866 1066045 1066192 1066213 1066223 1066285 1066382 1066470 1066471 1066472 1066573 1066606 1066629 1067105 1067132 1067494 1067888 1068640 1068643 1068671 1068887 1068888 1068950 1068978 1068980 1068982 1069176 1069202 1069270 1069793 1069942 1069996 1070006 1070145 1070535 1070767 1070771 1070805 1070825 1070964 1071231 1071693 1071694 1071695 1071833 1074741 1077745 1079103 1079741 1080556 1081527 1083528 1083532 1085784 1086608 1086784 1086786 1086788 1090997 1091015 1091365 1091368 1097356 1104668 1107832 1109412 1109413 1109414 1110233 1111996 1112142 1112143 1112144 1112146 1112147 1112148 1112152 1112153 1112534 1112535 1113247 1113252 1113255 1116827 1118830 1118831 1120640 1121034 1121035 1121056 1123823 1123828 1123832 1133131 1133232 1136446 1137597 1140747 1141670 1141913 1142772 1159352 1160305 1160498 1163933 1164692 1169511 1169659 1170313 1170423 1172277 963575 964944 966170 966172 966186 966191 966316 966318 969474 969475 969476 969477 971975 974590 979928 986216 989261 996376 CVE-2014-9939 CVE-2015-9542 CVE-2016-0705 CVE-2017-1000410 CVE-2017-11600 CVE-2017-12193 CVE-2017-15115 CVE-2017-15265 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-3732 CVE-2017-3736 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7482 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-8824 CVE-2017-9445 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-12539 CVE-2018-13785 CVE-2018-14633 CVE-2018-1517 CVE-2018-16435 CVE-2018-1656 CVE-2018-17182 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 CVE-2018-5848 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-11477 CVE-2019-11478 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-3846 CVE-2020-11945 CVE-2020-1938 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 SUSE-SU-2017:1898-1 SUSE-SU-2017:3410-1 SUSE-SU-2019:0057-1 SUSE-SU-2019:0313-1 SUSE-SU-2019:2650-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0247-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1117-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1683-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information pam-1.3.0-lp150.4 is installed OR pam-32bit-1.3.0-lp150.4 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND enigmail-2.0.11-31 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information dracut-044.1-109.8 is installed OR dracut-fips-044.1-109.8 is installed OR libsystemd0-228-150.7 is installed OR libsystemd0-32bit-228-150.7 is installed OR libudev1-228-150.7 is installed OR libudev1-32bit-228-150.7 is installed OR systemd-228-150.7 is installed OR systemd-32bit-228-150.7 is installed OR systemd-bash-completion-228-150.7 is installed OR systemd-sysvinit-228-150.7 is installed OR udev-228-150.7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND squid-3.5.21-26.23 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_73-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_21-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information giflib-progs-5.0.5-12 is installed OR libgif6-5.0.5-12 is installed OR libgif6-32bit-5.0.5-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed OR webkit2gtk3-2.28.2-2.53 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_100-default-2-2 is installed OR kgraft-patch-SLE12-SP3_Update_27-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND ucode-intel-20190618-13.47 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information bluez-5.13-5.15 is installed OR libbluetooth3-5.13-5.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information fuse-2.9.3-6.3 is installed OR libfuse2-2.9.3-6.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information binutils-2.32-9.33 is installed OR binutils-devel-2.32-9.33 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information dnsmasq-2.78-18.6 is installed OR dnsmasq-utils-2.78-18.6 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND python-Twisted-15.2.1-9.5 is installed

BACK