Detections
Analytics

Oracle Linux 8 : binutils (ELSA-2025-23382)

medium Nessus Plugin ID 279417

Language:

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-23382 advisory.

 - CVE-2025-11083 Reviewed-by: TBD Oracle history:
 October-8-2025 Bruce McCulloch <[email protected]> - 2.30-127.0.1
 - Forward port Oracle patches to 2.30-127.
 - Muting some failing ld-ctf tests.
 Reviewed-by: Jose E. Marchesi <[email protected]> November-14-2024 Bruce McCulloch <[email protected]> - 2.30-125.0.1
 - Forward port Oracle patches from 2.30-125 Reviewed-by: Jose E. Marchesi <[email protected]> February-06-2024 Nick Alcock <[email protected]> - 2.30-123.0.2
 - Refresh CTF patches from upstream (2.42).
 - Fix more cases where operations on child dicts could leave errors on the parent, this time associated with CTF dict creation (upstream PR libctf/30985).
 - Fix the cu-mapped link feature (not exposed by GNU ld) to use only the last mapping provided for a given translation unit, rather than a random mix of first and last
 - Fix dependencies of libctf.so and libctf-nobfd.so to cite the libraries the code actually depends on. (Fixes observed link problems with libctf-nobfd.so needing extra libraries on the link line versus upstream:
 libctf.so changes done purely for consistency.) October-10-2023 Jose E. Marchesi <[email protected]> - 2.30-123.0.1
 - Forward-port Oracle patches to 2.30-123.
 Reviewed-by: David Faust <[email protected]> August-02-2023 Nick Alcock <[email protected]> - 2.30-119.0.2
 - Refresh CTF patches from upstream.
 - Avoid spurious corruption error with symtypetab section emitted by old OL8 GCCs
 - Various obscure install-time linking problems
 - Make objdump/readelf --ctf parameter optional; make objdump --ctf-parent take a CTF member name, not a section name
 - Improve dumping of types when some types elicit a libctf error
 - Put functions as well as variables in the (misnamed) CTF variable section
 - Improve handling of various forms of corrupted CTF input.
 - Fix errors in comments in <ctf.h> and <ctf-api.h>
 - Make CTF dicts reproducible even when conflicting types are seen
 - Prevent corruption of output when linking multiple object files derived from the same source
 - Minor compiler warning and portability fixes
 - Fix (unlikely) crash-inducing uninitialized memory access and wild pointer overwrite when linking
 - Fix the reported offsets of fields within unnamed structs/unions [Orabug: 35191322]
 - Fix a number of places where operations carried out on child dicts that errored were producing errors on the parent, not the child, so the caller never noticed them March-28-2023 Guillermo E. Martinez <[email protected]> - 2.30-119.0.1
 - Forward-port Oracle patches from 2.30-117.0.3 to 2.30-119.0.1
 - Remove Oracle patch: binutils-bfd-plugin-lib64.patch
 - Reviewed-by: Jose E. Marchesi <[email protected]> October-20-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.3
 - Backport of upstream patches:
 - [binutils-gdb] Add an option to objcopy to change the alignment of sections.
 fa463e9fc644e7a3bad39aa73bf6be72ea865805.
 - [binutils-gdb] Change objcopy's --set-section-alignment option to take a byte alignment value rather than a power of two alignment value.
 de4859eacb74a440d9fd61e4a0f051e3737a05dd
 - [Orabug: 34721268]
 - Reviewed-by: Jose E. Marchesi <[email protected]> October-06-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.2
 - Add missed Oracle patches:
 - binutils-aarch64-veneers-fix.patch.
 - binutils-aarch64-add-support-efi.patch.
 - Reviewed-by: Jose E. Marchesi <[email protected]> September-28-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.1
 - Forward-port of Oracle patches from 2.30-113.0.3
 - Reviewed-by: Jose E. Marchesi <[email protected]> August-04-2022 Guillermo E. Martinez <[email protected]> - 2.30-113.0.3
 - Backport of upstream patches:
 - [binutils-gdb][AArch64] Re: Add support for AArch64 EFI (efi-*-aarch64) d91c67e8730354c43fae86fa98fe593925882365.
 - [binutils-gdb][AArch64] Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64) 32384aa396e7e87fe02cc838722b8e80ec88ec10.
 - [binutils-gdb][AArch64] AArch64: Add support for AArch64 EFI (efi-*-aarch64).
 b69c9d41e89498442cb5af5287f378b3583dd445.
 - [Orabug: 34453890]
 - Reviewed-by: Jose E. Marchesi <[email protected]>
 - Reviewed-by: David Faust <[email protected]> July-14-2022 Jose E. Marchesi <[email protected]> - 2.30-113.0.2
 - Backport of upstream patch:
 [binutils-gdb][ld][AArch64] Fix group_sections algorithm cff69cf4cf97e1eb4c2cca8e985e403b1a97c059.
 - [Orabug: 34237729]
 - Reviewed-by: Indu Bhagat <[email protected]> March-29-2022 Diego de Dios <[email protected]> - 2.30-113.0.1
 - Forward-port Oracle patches from 2.30-108.0.2.1 to 2.30-113.0.1
 - Reviewed-by: Jose E. Marchesi <[email protected]> November-16-2021 David Faust <[email protected]> - 2.30-108.0.2.1
 - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1
 - Reviewed-by: Jose E. Marchesi <[email protected]> November-02-2021 David Faust <[email protected]> - 2.30-108.0.2
 - Forward-port the following update:
 [2.30-93.0.4
 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps
 - Backport test result fixes for new GCC-based CTF generation [Orabug: 33344570]
 - Reviewed-by: David Faust <[email protected]>
 - Reviewed-by: Jose E. Marchesi <[email protected]> October-05-2021 David Faust <[email protected]> - 2.30-108.0.1
 - Forward-port Oracle patches from 2.30-93.0.3 to 2.30-108.0.1
 - Reviewed-by: Elena Zannoni <[email protected]> August-17-2021 David Faust <[email protected]> - 2.30-93.0.3
 - Fix BFD library incorrectly attempting to load 32-bit plugins on OL8.
 - [Orabug: 33219039] June-16-2021 Nick Alcock <[email protected]> - 2.30.93.0.2
 - Backport the fully-functional CTF deduplicator. The spurious conflicts in the previous version are gone; ambiguously-defined types and those depending on them are properly shuffled into per-CU dicts; the share-duplicated link mode used by ctfarchive where types only used in one CU end up in a per-CU dict is fully implemented. This is the version that is upstream.
 The linker is much faster, uses much less memory, and generates much smaller CTF output (usually better than dwarf2ctf despite emitting function types where dwarf2ctf did not) and is much more robust and more heavily tested.
 - Remove the nondeduplicating CTF linker, and dead code supporting impossible things unnamed typedefs and basic types
 - Backport the new ld-ctf and libctf testsuites
 - New linker options --ctf-variables (off by default), --ctf-share-types
 - func info / data object support (needs compiler changes for working func info support, but all the code is there in binutils now);
 new API functions to add symbols to a dict, look them up, and iterate over them: ctf_symbol_next, ctf_add_objt_sym, ctf_add_func_sym, ctf_link_add_linker_symbol, ctf_arc_lookup_symbol, ctf_lookup_by_symbol_name, ctf_arc_lookup_symbol_name
 - Backport numerous bugfixes: fix handling of function types' arglists, allow ctf_type_reference of dynamic slices; prevent some causes of munmap()s of random chunks of memory; improved handling of corrupted dicts; improve dump output some more; fix some error handling bugs;
 fix opening CTF in binaries with a strtab but no symtab; use a more reliable method to ensure the output has exactly one .ctf section; use the dynamic sections for strings and symbols so that CTF is not corrupted by strip(1);
 improve the CTF dumper; support unnamed structure members better; fix a theoretical buffer overrun when looking up symbols by name; improve pointer lookup by name in dicts with parents; don't lose types or corrupt the dict when looking up or adding more types in writable dicts after serializing the dict
 - more armoring against invalid CTF and prevention of wrong results when asking for things like the size of opaque forwards or the encoding of enums
 - gettextization
 - New public API also used by the deduplicator: improved error reporting and assertion failures; improved _next iterators with most _iter iterators reimplemented using them, new API functions *_next, ctf_type_name_raw, ctf_type_kind_forwarded, ctf_ref, ctf_member_count, ctf_archive_count, ctf_arc_flush_caches, ctf_getsymsect, ctf_getstrsect, ctf_symsect_endianness, ctf_arc_symsect_endianness, ctf_add_unknown; add ctf_dict_t as a recommended new typename for the deprecated ctf_file_t, and new functions with _dict in the name; add the ability to filter out variables from the link
 - New internal infrastructure: new internal dynhash functions and a new dynset type; higher-efficiency dynhashes; removal of unnecessary duplication in type lookup paths; add optional lazy loading of CTF >at link time (not used by ld); make cu-mapping links (as used by ctfarchive) take much less memory
 - Run make check in libctf too.
 - Reviewed-by: David Faust <[email protected]> May-18-2021 David Faust <[email protected]> - 2.30-93.0.1
 - Forward-port Oracle patches from 2.30-90.0.1
 - Reviewed-by: Elena Zannoni <[email protected]> April-02-2021 David Faust <[email protected]> - 2.30-90.0.1
 - Forward-port Oracle patches from 2.30-79.0.1
 - Reviewed-by: Jose E. Marchesi <[email protected]> November-03-2020 David Faust <[email protected]> - 2.30-79.0.1
 - Forward-port Oracle patches from 2.30-75.0.1
 - Reviewed-by: Jose E. Marchesi <[email protected]> July-29-2020 David Faust <[email protected]> - 2.30-75.0.1
 - Forward-port Oracle patches to OL8.3 beta.
 April-28-2020 Jose E. Marchesi <[email protected]> - 2.30-73.0.1
 - Forward-port of Oracle patches from 2.30-68.0.2.
 - Reviewed-by: Elena Zannoni <[email protected]> March-17-2020 Nick Alcock <[email protected]> - 2.30-68.0.2
 - Backport the non-cycle-detecting-capable deduplicating CTF linker
 - Backport a fix for an upstream hashtab crash (no upstream bug number), triggered by the above.
 - Fix deduplication of ambiguously-named types in CTF.
 - CTF types without names are not ambiguously-named.
 - Stop the CTF_LINK_EMPTY_CU_MAPPINGS flag crashing.
 - Only emit ambiguous types as hidden if they are named and there is already a type with that name.
 - Make sure completely empty dicts get their header written out properly
 - Do not fail if adding anonymous struct/union members to structs/unions that already contain other anonymous members at a different offset
 - Correctly look up pointers to non-root-visible structures
 - Emit error messages in dumping into the dump stream
 - Do not abort early on dump-time errors
 - Elide likely duplicates (same name, same kind) within a single TU (cross- TU duplicate/ambiguous-type detection works as before).
 - Fix linking of the CTF variable section
 - Fix spurious conflicts of variables (also affects the nondeduplicating linker)
 - Defend against CUs without names
 - When linking only a single input file, set the output CTF CU name to the name of the input
 - Support cv-qualified bitfields
 - Fix off-by-one error in SHA-1 sizing January-24-2020 Egeyar Bagcioglu <[email protected]> - 2.30-68.0.1
 - Ensure 8-byte alignment for AArch64 stubs.
 - Add CTF support to OL8: CTF machinery, including libctf.so and libctf-nonbfd.so. The linker does not yet deduplicate the CTF type section.
 - Backport of fix for upstream bug 23919, required by above
 - [Orabug: 30102938] [Orabug: 30102941]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils and / or binutils-devel packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-23382.html

Plugin Details

Severity: Medium

ID: 279417

File Name: oraclelinux_ELSA-2025-23382.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/19/2025

Updated: 12/19/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-11083

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:binutils, p-cpe:/a:oracle:linux:binutils-devel, cpe:/o:oracle:linux:8:10:baseos_patch

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/18/2025

Vulnerability Publication Date: 9/27/2025

Reference Information

CVE: CVE-2025-11083

IAVA: 2025-A-0890