An update for binutils is now available for openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1578 Final 1.0 1.0 2025-05-30 Initial 2025-05-30 2025-05-30 openEuler SA Tool V1.0 2025-05-30 binutils security update An update for binutils is now available for openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line). Security Fix(es): A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.(CVE-2025-3198) An update for binutils is now available for openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low binutils https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1578 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS binutils-2.41-15.oe2403sp1.aarch64.rpm binutils-debuginfo-2.41-15.oe2403sp1.aarch64.rpm binutils-debugsource-2.41-15.oe2403sp1.aarch64.rpm binutils-devel-2.41-15.oe2403sp1.aarch64.rpm binutils-help-2.41-15.oe2403sp1.aarch64.rpm binutils-2.34-34.oe2003sp4.aarch64.rpm binutils-debuginfo-2.34-34.oe2003sp4.aarch64.rpm binutils-debugsource-2.34-34.oe2003sp4.aarch64.rpm binutils-devel-2.34-34.oe2003sp4.aarch64.rpm binutils-help-2.34-34.oe2003sp4.aarch64.rpm binutils-2.37-30.oe2203sp3.aarch64.rpm binutils-debuginfo-2.37-30.oe2203sp3.aarch64.rpm binutils-debugsource-2.37-30.oe2203sp3.aarch64.rpm binutils-devel-2.37-30.oe2203sp3.aarch64.rpm binutils-help-2.37-30.oe2203sp3.aarch64.rpm binutils-2.37-32.oe2203sp4.aarch64.rpm binutils-debuginfo-2.37-32.oe2203sp4.aarch64.rpm binutils-debugsource-2.37-32.oe2203sp4.aarch64.rpm binutils-devel-2.37-32.oe2203sp4.aarch64.rpm binutils-help-2.37-32.oe2203sp4.aarch64.rpm binutils-2.41-12.oe2403.aarch64.rpm binutils-debuginfo-2.41-12.oe2403.aarch64.rpm binutils-debugsource-2.41-12.oe2403.aarch64.rpm binutils-devel-2.41-12.oe2403.aarch64.rpm binutils-help-2.41-12.oe2403.aarch64.rpm binutils-2.41-15.oe2403sp1.src.rpm binutils-2.34-34.oe2003sp4.src.rpm binutils-2.37-30.oe2203sp3.src.rpm binutils-2.37-32.oe2203sp4.src.rpm binutils-2.41-12.oe2403.src.rpm binutils-2.41-15.oe2403sp1.x86_64.rpm binutils-debuginfo-2.41-15.oe2403sp1.x86_64.rpm binutils-debugsource-2.41-15.oe2403sp1.x86_64.rpm binutils-devel-2.41-15.oe2403sp1.x86_64.rpm binutils-help-2.41-15.oe2403sp1.x86_64.rpm binutils-2.34-34.oe2003sp4.x86_64.rpm binutils-debuginfo-2.34-34.oe2003sp4.x86_64.rpm binutils-debugsource-2.34-34.oe2003sp4.x86_64.rpm binutils-devel-2.34-34.oe2003sp4.x86_64.rpm binutils-help-2.34-34.oe2003sp4.x86_64.rpm binutils-2.37-30.oe2203sp3.x86_64.rpm binutils-debuginfo-2.37-30.oe2203sp3.x86_64.rpm binutils-debugsource-2.37-30.oe2203sp3.x86_64.rpm binutils-devel-2.37-30.oe2203sp3.x86_64.rpm binutils-help-2.37-30.oe2203sp3.x86_64.rpm binutils-2.37-32.oe2203sp4.x86_64.rpm binutils-debuginfo-2.37-32.oe2203sp4.x86_64.rpm binutils-debugsource-2.37-32.oe2203sp4.x86_64.rpm binutils-devel-2.37-32.oe2203sp4.x86_64.rpm binutils-help-2.37-32.oe2203sp4.x86_64.rpm binutils-2.41-12.oe2403.x86_64.rpm binutils-debuginfo-2.41-12.oe2403.x86_64.rpm binutils-debugsource-2.41-12.oe2403.x86_64.rpm binutils-devel-2.41-12.oe2403.x86_64.rpm binutils-help-2.41-12.oe2403.x86_64.rpm A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. 2025-05-30 CVE-2025-3198 openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L binutils security update 2025-05-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1578