Detections
Analytics

SUSE SLES15 Security Update : binutils (SUSE-SU-2022:0934-1)

high Nessus Plugin ID 159175

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0934-1 advisory.

 - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now.
 - Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
 - Fix empty man-pages from broken release tarball
 - Fixed a memory corruption with rpath option (bsc#1191473).
 - Fixed slow performance of stripping some binaries (bsc#1183909).


 Update to binutils 2.37:

 * The GNU Binutils sources now requires a C99 compiler and library to build.
 * Support for Realm Management Extension (RME) for AArch64 has been added.
 * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
 * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when
 --gc-sections.
 * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
 * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported.
 --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
 * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
 * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
 * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
 * Readelf and objdump can now display and use the contents of .debug_sup sections.
 * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

 The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.

 If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed.
 This is because in most cases the debug section will only be present in one of the files.

 If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files.

 * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic.

 Update to binutils 2.36:

 New features in the Assembler:

 - General:

 * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name.
 * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active.
 * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically.

 - X86/x86_64:

 * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions.
 * Support non-absolute segment values for lcall and ljmp.
 * Add {disp16} pseudo prefix to x86 assembler.
 * Configure with --enable-x86-used-note by default for Linux/x86.

 - ARM/AArch64:

 * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores.
 * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers.
 * Add support for Armv8-R and Armv8.7-A ISA extensions.
 * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7.
 * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64.
 * Add support for +flagm feature for -march in Armv8.4 AArch64.
 * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature.
 * Add support for +pauth (Pointer Authentication) feature for
 -march in AArch64.

 New features in the Linker:

 * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no.
 * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed.
 * Add -z unique-symbol to avoid duplicated local symbol names.
 * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics.
 * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this:
 its default value, share-unconflicted, produces the most compact output.
 * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs.

 New features in other binary tools:

 * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time.
 * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option.
 * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>,
 --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale.

 The following security fixes are addressed by the update:

 - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
 - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
 - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
 - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
 - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
 - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
 - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
 - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
 - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
 - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
 - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
 - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
 - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).
 - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1179898

https://bugzilla.suse.com/1179899

https://bugzilla.suse.com/1179900

https://bugzilla.suse.com/1179901

https://bugzilla.suse.com/1179902

https://bugzilla.suse.com/1179903

https://bugzilla.suse.com/1180451

https://bugzilla.suse.com/1180454

https://bugzilla.suse.com/1180461

https://bugzilla.suse.com/1181452

https://bugzilla.suse.com/1182252

https://bugzilla.suse.com/1183511

https://bugzilla.suse.com/1183909

https://bugzilla.suse.com/1184519

https://bugzilla.suse.com/1184620

https://bugzilla.suse.com/1184794

https://bugzilla.suse.com/1188941

https://bugzilla.suse.com/1191473

https://bugzilla.suse.com/1192267

http://www.nessus.org/u?42815fb8

https://www.suse.com/security/cve/CVE-2020-16590

https://www.suse.com/security/cve/CVE-2020-16591

https://www.suse.com/security/cve/CVE-2020-16592

https://www.suse.com/security/cve/CVE-2020-16593

https://www.suse.com/security/cve/CVE-2020-16599

https://www.suse.com/security/cve/CVE-2020-35448

https://www.suse.com/security/cve/CVE-2020-35493

https://www.suse.com/security/cve/CVE-2020-35496

https://www.suse.com/security/cve/CVE-2020-35507

https://www.suse.com/security/cve/CVE-2021-20197

https://www.suse.com/security/cve/CVE-2021-20284

https://www.suse.com/security/cve/CVE-2021-20294

Plugin Details

Severity: High

ID: 159175

File Name: suse_SU-2022-0934-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 3/23/2022

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-20294

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:binutils-devel, p-cpe:/a:novell:suse_linux:binutils-devel-32bit, p-cpe:/a:novell:suse_linux:binutils, p-cpe:/a:novell:suse_linux:libctf-nobfd0, p-cpe:/a:novell:suse_linux:libctf0, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2022

Vulnerability Publication Date: 12/9/2020

Reference Information

CVE: CVE-2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-16599, CVE-2020-35448, CVE-2020-35493, CVE-2020-35496, CVE-2020-35507, CVE-2021-20197, CVE-2021-20284, CVE-2021-20294

SuSE: SUSE-SU-2022:0934-1