binutils-2.41-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13411 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z binutils-2.41-1.2 on GA media These are all security issues fixed in the binutils-2.41-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13411 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13411 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-19726/ SUSE CVE CVE-2020-19726 page https://www.suse.com/security/cve/CVE-2021-32256/ SUSE CVE CVE-2021-32256 page https://www.suse.com/security/cve/CVE-2022-35205/ SUSE CVE CVE-2022-35205 page https://www.suse.com/security/cve/CVE-2022-35206/ SUSE CVE CVE-2022-35206 page https://www.suse.com/security/cve/CVE-2022-44840/ SUSE CVE CVE-2022-44840 page https://www.suse.com/security/cve/CVE-2022-45703/ SUSE CVE CVE-2022-45703 page https://www.suse.com/security/cve/CVE-2022-47673/ SUSE CVE CVE-2022-47673 page https://www.suse.com/security/cve/CVE-2022-47695/ SUSE CVE CVE-2022-47695 page https://www.suse.com/security/cve/CVE-2022-47696/ SUSE CVE CVE-2022-47696 page https://www.suse.com/security/cve/CVE-2022-48063/ SUSE CVE CVE-2022-48063 page https://www.suse.com/security/cve/CVE-2022-48064/ SUSE CVE CVE-2022-48064 page https://www.suse.com/security/cve/CVE-2022-48065/ SUSE CVE CVE-2022-48065 page https://www.suse.com/security/cve/CVE-2023-1579/ SUSE CVE CVE-2023-1579 page https://www.suse.com/security/cve/CVE-2023-1972/ SUSE CVE CVE-2023-1972 page https://www.suse.com/security/cve/CVE-2023-2222/ SUSE CVE CVE-2023-2222 page openSUSE Tumbleweed binutils-2.41-1.2 binutils-devel-2.41-1.2 binutils-devel-32bit-2.41-1.2 binutils-gold-2.41-1.2 gprofng-2.41-1.2 libctf-nobfd0-2.41-1.2 libctf0-2.41-1.2 binutils-2.41-1.2 as a component of openSUSE Tumbleweed binutils-devel-2.41-1.2 as a component of openSUSE Tumbleweed binutils-devel-32bit-2.41-1.2 as a component of openSUSE Tumbleweed binutils-gold-2.41-1.2 as a component of openSUSE Tumbleweed gprofng-2.41-1.2 as a component of openSUSE Tumbleweed libctf-nobfd0-2.41-1.2 as a component of openSUSE Tumbleweed libctf0-2.41-1.2 as a component of openSUSE Tumbleweed An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. CVE-2020-19726 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-19726.html CVE-2020-19726 https://bugzilla.suse.com/1214565 SUSE Bug 1214565 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 https://bugzilla.suse.com/1221581 SUSE Bug 1221581 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. CVE-2021-32256 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-32256.html CVE-2021-32256 https://bugzilla.suse.com/1213458 SUSE Bug 1213458 An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. CVE-2022-35205 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-35205.html CVE-2022-35205 https://bugzilla.suse.com/1214579 SUSE Bug 1214579 Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. CVE-2022-35206 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-35206.html CVE-2022-35206 https://bugzilla.suse.com/1214567 SUSE Bug 1214567 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. CVE-2022-44840 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44840.html CVE-2022-44840 https://bugzilla.suse.com/1214580 SUSE Bug 1214580 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 https://bugzilla.suse.com/1221581 SUSE Bug 1221581 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. CVE-2022-45703 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-45703.html CVE-2022-45703 https://bugzilla.suse.com/1214604 SUSE Bug 1214604 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. CVE-2022-47673 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-47673.html CVE-2022-47673 https://bugzilla.suse.com/1214625 SUSE Bug 1214625 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. CVE-2022-47695 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-47695.html CVE-2022-47695 https://bugzilla.suse.com/1214624 SUSE Bug 1214624 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. CVE-2022-47696 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-47696.html CVE-2022-47696 https://bugzilla.suse.com/1214623 SUSE Bug 1214623 https://bugzilla.suse.com/1217368 SUSE Bug 1217368 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48063 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-48063.html CVE-2022-48063 https://bugzilla.suse.com/1214620 SUSE Bug 1214620 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48064 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-48064.html CVE-2022-48064 https://bugzilla.suse.com/1214619 SUSE Bug 1214619 GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. CVE-2022-48065 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-48065.html CVE-2022-48065 https://bugzilla.suse.com/1214611 SUSE Bug 1214611 Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. CVE-2023-1579 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1579.html CVE-2023-1579 https://bugzilla.suse.com/1209642 SUSE Bug 1209642 https://bugzilla.suse.com/1213676 SUSE Bug 1213676 A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. CVE-2023-1972 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1972.html CVE-2023-1972 https://bugzilla.suse.com/1210297 SUSE Bug 1210297 ** REJECT ** This was deemed not a security vulnerability by upstream. CVE-2023-2222 openSUSE Tumbleweed:binutils-2.41-1.2 openSUSE Tumbleweed:binutils-devel-2.41-1.2 openSUSE Tumbleweed:binutils-devel-32bit-2.41-1.2 openSUSE Tumbleweed:binutils-gold-2.41-1.2 openSUSE Tumbleweed:gprofng-2.41-1.2 openSUSE Tumbleweed:libctf-nobfd0-2.41-1.2 openSUSE Tumbleweed:libctf0-2.41-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-2222.html CVE-2023-2222 https://bugzilla.suse.com/1210733 SUSE Bug 1210733