An update for binutils is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1098 Final 1.0 1.0 2025-02-08 Initial 2025-02-08 2025-02-08 openEuler SA Tool V1.0 2025-02-08 binutils security update An update for binutils is now available for openEuler-22.03-LTS-SP3 Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line). Security Fix(es): https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.(CVE-2024-57360) A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.(CVE-2025-0840) An update for binutils is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High binutils https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1098 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57360 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-0840 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2025-0840 openEuler-22.03-LTS-SP3 binutils-2.37-28.oe2203sp3.aarch64.rpm binutils-debuginfo-2.37-28.oe2203sp3.aarch64.rpm binutils-debugsource-2.37-28.oe2203sp3.aarch64.rpm binutils-devel-2.37-28.oe2203sp3.aarch64.rpm binutils-help-2.37-28.oe2203sp3.aarch64.rpm binutils-2.37-28.oe2203sp3.src.rpm binutils-2.37-28.oe2203sp3.x86_64.rpm binutils-debuginfo-2.37-28.oe2203sp3.x86_64.rpm binutils-debugsource-2.37-28.oe2203sp3.x86_64.rpm binutils-devel-2.37-28.oe2203sp3.x86_64.rpm binutils-help-2.37-28.oe2203sp3.x86_64.rpm https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function. 2025-02-08 CVE-2024-57360 openEuler-22.03-LTS-SP3 High 7.7 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H binutils security update 2025-02-08 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1098 A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component. 2025-02-08 CVE-2025-0840 openEuler-22.03-LTS-SP3 Medium 5.0 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L binutils security update 2025-02-08 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1098