binutils-2.39-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12631 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z binutils-2.39-2.1 on GA media These are all security issues fixed in the binutils-2.39-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12631 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12631 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-3648/ SUSE CVE CVE-2021-3648 page https://www.suse.com/security/cve/CVE-2021-3826/ SUSE CVE CVE-2021-3826 page https://www.suse.com/security/cve/CVE-2021-45078/ SUSE CVE CVE-2021-45078 page https://www.suse.com/security/cve/CVE-2021-46195/ SUSE CVE CVE-2021-46195 page https://www.suse.com/security/cve/CVE-2022-27943/ SUSE CVE CVE-2022-27943 page https://www.suse.com/security/cve/CVE-2022-38126/ SUSE CVE CVE-2022-38126 page https://www.suse.com/security/cve/CVE-2022-38127/ SUSE CVE CVE-2022-38127 page https://www.suse.com/security/cve/CVE-2022-38533/ SUSE CVE CVE-2022-38533 page openSUSE Tumbleweed binutils-2.39-2.1 binutils-devel-2.39-2.1 binutils-devel-32bit-2.39-2.1 binutils-gold-2.39-2.1 gprofng-2.39-2.1 libctf-nobfd0-2.39-2.1 libctf0-2.39-2.1 binutils-2.39-2.1 as a component of openSUSE Tumbleweed binutils-devel-2.39-2.1 as a component of openSUSE Tumbleweed binutils-devel-32bit-2.39-2.1 as a component of openSUSE Tumbleweed binutils-gold-2.39-2.1 as a component of openSUSE Tumbleweed gprofng-2.39-2.1 as a component of openSUSE Tumbleweed libctf-nobfd0-2.39-2.1 as a component of openSUSE Tumbleweed libctf0-2.39-2.1 as a component of openSUSE Tumbleweed ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2021-3648 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3648.html CVE-2021-3648 https://bugzilla.suse.com/1188374 SUSE Bug 1188374 Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. CVE-2021-3826 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3826.html CVE-2021-3826 https://bugzilla.suse.com/1202969 SUSE Bug 1202969 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. CVE-2021-45078 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-45078.html CVE-2021-45078 https://bugzilla.suse.com/1193929 SUSE Bug 1193929 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. CVE-2021-46195 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-46195.html CVE-2021-46195 https://bugzilla.suse.com/1194783 SUSE Bug 1194783 libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVE-2022-27943 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-27943.html CVE-2022-27943 https://bugzilla.suse.com/1197592 SUSE Bug 1197592 https://bugzilla.suse.com/1205481 SUSE Bug 1205481 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2022-38126 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-38126.html CVE-2022-38126 https://bugzilla.suse.com/1202966 SUSE Bug 1202966 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2022-38127 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-38127.html CVE-2022-38127 https://bugzilla.suse.com/1202967 SUSE Bug 1202967 In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. CVE-2022-38533 openSUSE Tumbleweed:binutils-2.39-2.1 openSUSE Tumbleweed:binutils-devel-2.39-2.1 openSUSE Tumbleweed:binutils-devel-32bit-2.39-2.1 openSUSE Tumbleweed:binutils-gold-2.39-2.1 openSUSE Tumbleweed:gprofng-2.39-2.1 openSUSE Tumbleweed:libctf-nobfd0-2.39-2.1 openSUSE Tumbleweed:libctf0-2.39-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-38533.html CVE-2022-38533 https://bugzilla.suse.com/1202816 SUSE Bug 1202816 https://bugzilla.suse.com/1206168 SUSE Bug 1206168