openSUSE-SU-2019:2364

openSUSE-SU-2019:2365

openSUSE-SU-2020:0716

109354

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924

https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html

GLSA-202007-39

https://security.netapp.com/advisory/ntap-20190822-0002/

USN-4326-1

USN-4336-1

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a heap-based     buffer over-read in d_expression_1 in cp-demangle.c     after many recursive calls.(CVE-2019-9070)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a stack     consumption issue in d_count_templates_scopes in     cp-demangle.c after many recursive     calls.(CVE-2019-9071)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32.
    simple_object_elf_match in simple-object-elf.c does not     check for a zero shstrndx value, leading to an integer     overflow and resultant heap-based buffer     overflow.(CVE-2019-14250)

  - GNU gdb All versions is affected by: Buffer Overflow -     Out of bound memory access. The impact is: Deny of     Service, Memory Disclosure, and Possible Code     Execution. The component is: The main gdb module. The     attack vector is: Open an ELF for debugging. The fixed     version is: Not fixed yet.(CVE-2019-1010180)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an integer overflow leading to a     SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as     demonstrated by nm.(CVE-2019-17451)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an attempted excessive memory     allocation in _bfd_elf_slurp_version_tables in     elf.c.(CVE-2019-9073)

  - apply_relocations in readelf.c in GNU Binutils 2.32     contains an integer overflow that allows attackers to     trigger a write access violation (in     byte_put_little_endian function in elfcomm.c) via an     ELF file, as demonstrated by readelf.(CVE-2019-14444)

  - remember_Ktype in cplus-dem.c in GNU libiberty, as     distributed in GNU Binutils 2.30, allows attackers to     trigger excessive memory consumption (aka OOM). This     can occur during execution of cxxfilt.(CVE-2018-12934)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202007-39 (Binutils: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Binutils. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update includes the GNU Compiler Collection 9.

This update ships the GCC 9.3 release.

A full changelog is provided by the GCC team on :

https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed :

  - CVE-2019-15847: Fixed a miscompilation in the POWER9     back end, that optimized multiple calls of the
    __builtin_darn intrinsic into a single call.
    (bsc#1149145)

  - CVE-2019-14250: Fixed a heap overflow in the LTO linker.
    (bsc#1142649)

Non-security issues fixed :

  - Split out libstdc++ pretty-printers into a separate     package supplementing gdb and the installed runtime.
    (bsc#1135254)

  - Fixed miscompilation for vector shift on s390.
    (bsc#1141897)

  - Includes a fix for Internal compiler error when building     HepMC (bsc#1167898)

  - Includes fix for binutils version parsing

  - Add libstdc++6-pp provides and conflicts to avoid file     conflicts with same minor version of libstdc++6-pp from     gcc10.

  - Add gcc9 autodetect -g at lto link (bsc#1149995)

  - Install go tool buildid for bootstrapping go

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x     through 2.6.4 allows HTTP Response Splitting. If a     program using WEBrick inserts untrusted input into the     response header, an attacker can exploit it to insert a     newline character to split a header, and inject     malicious content to deceive clients. NOTE: this issue     exists because of an incomplete fix for CVE-2017-17742,     which addressed the CRLF vector, but did not address an     isolated CR or an isolated LF.(CVE-2019-9076)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an attempted excessive memory     allocation in elf_read_notes in elf.c.(CVE-2019-9074)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an out-of-bounds read leading to a     SEGV in bfd_getl32 in libbfd.c, when called from     pex64_get_runtime_function in     pei-x86_64.c.(CVE-2019-14250)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a stack     consumption issue in d_count_templates_scopes in     cp-demangle.c after many recursive     calls.(CVE-2019-9071)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a heap-based     buffer over-read in d_expression_1 in cp-demangle.c     after many recursive calls.(CVE-2019-9070)

  - The demangle_template function in cplus-dem.c in GNU     libiberty, as distributed in GNU Binutils 2.31.1, has a     memory leak via a crafted string, leading to a denial     of service (memory consumption), as demonstrated by     cxxfilt, a related issue to     CVE-2018-12698.(CVE-2018-20657)

  - The get_count function in cplus-dem.c in GNU libiberty,     as distributed in GNU Binutils 2.31, allows remote     attackers to cause a denial of service (malloc called     with the result of an integer-overflowing calculation)     or possibly have unspecified other impact via a crafted     string, as demonstrated by c++filt.(CVE-2018-18483)

  - The _bfd_generic_read_minisymbols function in syms.c in     the Binary File Descriptor (BFD) library (aka libbfd),     as distributed in GNU Binutils 2.31, has a memory leak     via a crafted ELF file, leading to a denial of service     (memory consumption), as demonstrated by     nm.(CVE-2018-20002)

  - apply_relocations in readelf.c in GNU Binutils 2.32     contains an integer overflow that allows attackers to     trigger a write access violation (in     byte_put_little_endian function in elfcomm.c) via an     ELF file, as demonstrated by readelf.(CVE-2019-14444)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32.
    simple_object_elf_match in simple-object-elf.c does not     check for a zero shstrndx value, leading to an integer     overflow and resultant heap-based buffer     overflow.(CVE-2019-14250)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an attempted excessive memory     allocation in elf_read_notes in elf.c.(CVE-2019-9076)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an out-of-bounds read leading to a     SEGV in bfd_getl32 in libbfd.c, when called from     pex64_get_runtime_function in     pei-x86_64.c.(CVE-2019-9074)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a stack     consumption issue in d_count_templates_scopes in     cp-demangle.c after many recursive     calls.(CVE-2019-9071)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a heap-based     buffer over-read in d_expression_1 in cp-demangle.c     after many recursive calls.(CVE-2019-9070)

  - The demangle_template function in cplus-dem.c in GNU     libiberty, as distributed in GNU Binutils 2.31.1, has a     memory leak via a crafted string, leading to a denial     of service (memory consumption), as demonstrated by     cxxfilt, a related issue to     CVE-2018-12698.(CVE-2018-20657)

  - The get_count function in cplus-dem.c in GNU libiberty,     as distributed in GNU Binutils 2.31, allows remote     attackers to cause a denial of service (malloc called     with the result of an integer-overflowing calculation)     or possibly have unspecified other impact via a crafted     string, as demonstrated by c++filt.(CVE-2018-18483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The demangle_template function in cplus-dem.c in GNU     libiberty, as distributed in GNU Binutils 2.31.1,     contains an integer overflow vulnerability (for 'Create     an array for saving the template argument values') that     can trigger a heap-based buffer overflow, as     demonstrated by nm.(CVE-2018-20673)

  - The demangle_template function in cplus-dem.c in GNU     libiberty, as distributed in GNU Binutils 2.31.1, has a     memory leak via a crafted string, leading to a denial     of service (memory consumption), as demonstrated by     cxxfilt, a related issue to     CVE-2018-12698.(CVE-2018-20657)

  - The get_count function in cplus-dem.c in GNU libiberty,     as distributed in GNU Binutils 2.31, allows remote     attackers to cause a denial of service (malloc called     with the result of an integer-overflowing calculation)     or possibly have unspecified other impact via a crafted     string, as demonstrated by c++filt.(CVE-2018-18483)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32.
    simple_object_elf_match in simple-object-elf.c does not     check for a zero shstrndx value, leading to an integer     overflow and resultant heap-based buffer     overflow.(CVE-2019-14250)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a heap-based     buffer over-read in d_expression_1 in cp-demangle.c     after many recursive calls.(CVE-2019-9070)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an attempted excessive memory     allocation in elf_read_notes in elf.c.(CVE-2019-9076)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an out-of-bounds read leading to a     SEGV in bfd_getl32 in libbfd.c, when called from     pex64_get_runtime_function in     pei-x86_64.c.(CVE-2019-9074)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a stack     consumption issue in d_count_templates_scopes in     cp-demangle.c after many recursive     calls.(CVE-2019-9071)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a heap-based     buffer over-read in d_expression_1 in cp-demangle.c     after many recursive calls.(CVE-2019-9070)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32. It is a stack     consumption issue in d_count_templates_scopes in     cp-demangle.c after many recursive     calls.(CVE-2019-9071)

  - An issue was discovered in GNU libiberty, as     distributed in GNU Binutils 2.32.
    simple_object_elf_match in simple-object-elf.c does not     check for a zero shstrndx value, leading to an integer     overflow and resultant heap-based buffer     overflow.(CVE-2019-14250)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an attempted excessive memory     allocation in elf_read_notes in elf.c.(CVE-2019-9076)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils 2.32. It is an out-of-bounds read leading to a     SEGV in bfd_getl32 in libbfd.c, when called from     pex64_get_runtime_function in     pei-x86_64.c.(CVE-2019-9074)

  - GNU gdb All versions is affected by: Buffer Overflow -     Out of bound memory access. The impact is: Deny of     Service, Memory Disclosure, and Possible Code     Execution. The component is: The main gdb module. The     attack vector is: Open an ELF for debugging. The fixed     version is: Not fixed yet.(CVE-2019-1010180)

  - The demangle_template function in cplus-dem.c in GNU     libiberty, as distributed in GNU Binutils 2.31.1, has a     memory leak via a crafted string, leading to a denial     of service (memory consumption), as demonstrated by     cxxfilt, a related issue to     CVE-2018-12698.(CVE-2018-20657)

  - The get_count function in cplus-dem.c in GNU libiberty,     as distributed in GNU Binutils 2.31, allows remote     attackers to cause a denial of service (malloc called     with the result of an integer-overflowing calculation)     or possibly have unspecified other impact via a crafted     string, as demonstrated by c++filt.(CVE-2018-18483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gcc9 fixes the following issues :

The GNU Compiler Collection is shipped in version 9.

A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html

The compilers have been added to the SUSE Linux Enterprise Toolchain Module.

To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set.

For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants.

Security issues fixed :

CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)

CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed: Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime.
(bsc#1135254)

Fixed miscompilation for vector shift on s390. (bsc#1141897)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on :

https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed :

CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)

CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed: Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime.
(bsc#1135254)

Fixed miscompilation for vector shift on s390. (bsc#1141897)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gcc7 to r275405 fixes the following issues :

Security issues fixed :

  - CVE-2019-14250: Fixed an integer overflow in binutils     (bsc#1142649).

  - CVE-2019-15847: Fixed an optimization in the POWER9     backend of gcc that could reduce the entropy of the     random number generator (bsc#1149145).

Non-security issue fixed :

  - Move Live Patching technology stack from kGraft to     upstream klp (bsc#1071995, fate#323487).

This update was imported from the SUSE:SLE-15:Update update project.

This update for gcc7 to r275405 fixes the following issues :

Security issues fixed :

CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).

CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed: Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the binutils package has been released.

ID	Name	Product	Family	Severity
140839	EulerOS 2.0 SP3 : binutils (EulerOS-SA-2020-2072)	Nessus	Huawei Local Security Checks	medium
138962	GLSA-202007-39 : Binutils: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
136959	openSUSE Security Update : gcc9 (openSUSE-2020-716)	Nessus	SuSE Local Security Checks	medium
136251	EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2020-1548)	Nessus	Huawei Local Security Checks	medium
135966	Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1)	Nessus	Ubuntu Local Security Checks	high
135628	EulerOS Virtualization 3.0.2.2 : binutils (EulerOS-SA-2020-1466)	Nessus	Huawei Local Security Checks	high
135398	Ubuntu 16.04 LTS / 18.04 LTS : libiberty vulnerabilities (USN-4326-1)	Nessus	Ubuntu Local Security Checks	medium
135150	EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2020-1363)	Nessus	Huawei Local Security Checks	medium
133976	EulerOS 2.0 SP8 : binutils (EulerOS-SA-2020-1142)	Nessus	Huawei Local Security Checks	medium
133895	EulerOS 2.0 SP5 : binutils (EulerOS-SA-2020-1094)	Nessus	Huawei Local Security Checks	medium
133791	SUSE SLES12 Security Update : gcc9 (SUSE-SU-2020:0394-1)	Nessus	SuSE Local Security Checks	medium
131311	SUSE SLED15 / SLES15 Security Update : gcc9 (SUSE-SU-2019:3061-1)	Nessus	SuSE Local Security Checks	medium
130160	openSUSE Security Update : gcc7 (openSUSE-2019-2365)	Nessus	SuSE Local Security Checks	medium
130159	openSUSE Security Update : gcc7 (openSUSE-2019-2364)	Nessus	SuSE Local Security Checks	medium
130002	SUSE SLED15 / SLES15 Security Update : gcc7 (SUSE-SU-2019:2702-1)	Nessus	SuSE Local Security Checks	medium
128734	Photon OS 2.0: Binutils PHSA-2019-2.0-0173	Nessus	PhotonOS Local Security Checks	medium
128729	Photon OS 3.0: Binutils PHSA-2019-3.0-0026	Nessus	PhotonOS Local Security Checks	medium

CVE-2019-14250

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins