{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"binutils security update", "category":"general", "title":"Synopsis" }, { "text":"An update for binutils is now available for openEuler-24.03-LTS-SP2", "category":"general", "title":"Summary" }, { "text":"The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files.\n\nSecurity Fix(es):\n\nA vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.(CVE-2025-11412)", "category":"general", "title":"Description" }, { "text":"An update for binutils is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"binutils", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2860", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2860" }, { "summary":"CVE-2025-11412", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11412&packageName=binutils" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11412" }, { "summary":"openEuler-SA-2025-2860 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2860.json" } ], "title":"An update for binutils is now available for openEuler-24.03-LTS-SP2", "tracking":{ "initial_release_date":"2025-12-31T10:22:50+08:00", "revision_history":[ { "date":"2025-12-31T10:22:50+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-12-31T10:22:50+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-12-31T10:22:50+08:00", "id":"openEuler-SA-2025-2860", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-2.41-28.oe2403sp2.aarch64.rpm", "name":"binutils-2.41-28.oe2403sp2.aarch64.rpm" }, "name":"binutils-2.41-28.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-debuginfo-2.41-28.oe2403sp2.aarch64.rpm", "name":"binutils-debuginfo-2.41-28.oe2403sp2.aarch64.rpm" }, "name":"binutils-debuginfo-2.41-28.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-debugsource-2.41-28.oe2403sp2.aarch64.rpm", "name":"binutils-debugsource-2.41-28.oe2403sp2.aarch64.rpm" }, "name":"binutils-debugsource-2.41-28.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-devel-2.41-28.oe2403sp2.aarch64.rpm", "name":"binutils-devel-2.41-28.oe2403sp2.aarch64.rpm" }, "name":"binutils-devel-2.41-28.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-help-2.41-28.oe2403sp2.aarch64.rpm", "name":"binutils-help-2.41-28.oe2403sp2.aarch64.rpm" }, "name":"binutils-help-2.41-28.oe2403sp2.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-2.41-28.oe2403sp2.src.rpm", "name":"binutils-2.41-28.oe2403sp2.src.rpm" }, "name":"binutils-2.41-28.oe2403sp2.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-2.41-28.oe2403sp2.x86_64.rpm", "name":"binutils-2.41-28.oe2403sp2.x86_64.rpm" }, "name":"binutils-2.41-28.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-debuginfo-2.41-28.oe2403sp2.x86_64.rpm", "name":"binutils-debuginfo-2.41-28.oe2403sp2.x86_64.rpm" }, "name":"binutils-debuginfo-2.41-28.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-debugsource-2.41-28.oe2403sp2.x86_64.rpm", "name":"binutils-debugsource-2.41-28.oe2403sp2.x86_64.rpm" }, "name":"binutils-debugsource-2.41-28.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-devel-2.41-28.oe2403sp2.x86_64.rpm", "name":"binutils-devel-2.41-28.oe2403sp2.x86_64.rpm" }, "name":"binutils-devel-2.41-28.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"binutils-help-2.41-28.oe2403sp2.x86_64.rpm", "name":"binutils-help-2.41-28.oe2403sp2.x86_64.rpm" }, "name":"binutils-help-2.41-28.oe2403sp2.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-2.41-28.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.aarch64", "name":"binutils-2.41-28.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-debuginfo-2.41-28.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.aarch64", "name":"binutils-debuginfo-2.41-28.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-debugsource-2.41-28.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.aarch64", "name":"binutils-debugsource-2.41-28.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-devel-2.41-28.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.aarch64", "name":"binutils-devel-2.41-28.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-help-2.41-28.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.aarch64", "name":"binutils-help-2.41-28.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-2.41-28.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.src", "name":"binutils-2.41-28.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-2.41-28.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.x86_64", "name":"binutils-2.41-28.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-debuginfo-2.41-28.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.x86_64", "name":"binutils-debuginfo-2.41-28.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-debugsource-2.41-28.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.x86_64", "name":"binutils-debugsource-2.41-28.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-devel-2.41-28.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.x86_64", "name":"binutils-devel-2.41-28.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"binutils-help-2.41-28.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.x86_64", "name":"binutils-help-2.41-28.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-11412", "notes":[ { "text":"A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.src", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.src", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.x86_64" ], "details":"binutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2860" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.src", "openEuler-24.03-LTS-SP2:binutils-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debuginfo-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-debugsource-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-devel-2.41-28.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:binutils-help-2.41-28.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-11412" } ] }