SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)

High Nessus Plugin ID 81076

Synopsis

The remote SuSE 11 host is missing a security update.

Description

binutils has been updated to fix eight security issues:

- Lack of range checking leading to controlled write in _bfd_elf_setup_sections(). (CVE-2014-8485)

- Invalid read flaw in libbfd. (CVE-2014-8484)

- Write to uninitialized memory in the PE parser. (CVE-2014-8501)

- Crash in the PE parser. (CVE-2014-8502)

- Segfault in the ihex parser when it encounters a malformed ihex file. (CVE-2014-8503)

- Stack buffer overflow in srec_scan. (CVE-2014-8504)

- Out-of-bounds memory write while processing a crafted 'ar' archive. (CVE-2014-8738)

- Directory traversal vulnerability allowing arbitrary file deletion/creation. (CVE-2014-8737)

Solution

Apply SAT patch number 10214.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=902676

https://bugzilla.novell.com/show_bug.cgi?id=902677

https://bugzilla.novell.com/show_bug.cgi?id=903655

https://bugzilla.novell.com/show_bug.cgi?id=905735

https://bugzilla.novell.com/show_bug.cgi?id=905736

http://support.novell.com/security/cve/CVE-2014-8484.html

http://support.novell.com/security/cve/CVE-2014-8485.html

http://support.novell.com/security/cve/CVE-2014-8501.html

http://support.novell.com/security/cve/CVE-2014-8502.html

http://support.novell.com/security/cve/CVE-2014-8503.html

http://support.novell.com/security/cve/CVE-2014-8504.html

http://support.novell.com/security/cve/CVE-2014-8737.html

http://support.novell.com/security/cve/CVE-2014-8738.html

Plugin Details

Severity: High

ID: 81076

File Name: suse_11_binutils-201501-150122.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2015/01/29

Updated: 2015/01/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:binutils, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2015/01/22

Reference Information

CVE: CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738