Release Info

Advisory: CLSA-2023:1696877581

OS: CentOS 7 ELS

Public date: 2023-10-09 14:53:03

Project: binutils

Version: 2.27-44.base.el7_9.1.tuxcare.els1

Errata link: https://errata.tuxcare.com/centos7-els/CLSA-2023-1696877581.html

Changelog

- CVE-2017-16831: Fix excessive memory allocation attempts and possible integer overflows when attempting to read a COFF binary with a corrupt symbol count
- CVE-2020-19726: Fix parsing a corrupt PE format file
- CVE-2021-45078: Fix out-of-bounds write in stab_xcoff_builtin_type
- CVE-2021-46174: Fix buffer overflow in read_section_stabs_debugging_info
- CVE-2022-44840: Fix possible heap buffer overflow in find_section_in_set() in readelf.c
- CVE-2022-45703: Combine sanity checks, calculate element counts, not word counts, fix typo
- CVE-2022-47695: Test symbol flags to exclude section and synthetic symbols before attempting to check flavour
- CVE-2022-47696: Fix uninitialised field `the_bfd` of `asymbol`
- CVE-2022-47673: Fix lack of bounds checking in vms-alpha.c

Update

Update command: yum update binutils*

Packages list

binutils-2.27-44.base.el7_9.1.tuxcare.els1.x86_64.rpm
binutils-devel-2.27-44.base.el7_9.1.tuxcare.els1.i686.rpm
binutils-devel-2.27-44.base.el7_9.1.tuxcare.els1.x86_64.rpm

CVEs

CVE-2021-46174
CVE-2022-44840
CVE-2020-19726
CVE-2022-47673
CVE-2022-47696
CVE-2022-45703
CVE-2021-45078
CVE-2017-16831
CVE-2022-47695