{"schema_version":"1.7.2","id":"OESA-2021-1098","modified":"2021-04-07T11:02:43Z","published":"2021-04-07T11:02:43Z","upstream":["CVE-2020-0551","CVE-2020-16592"],"summary":"binutils security update","details":"The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files.\r\n\r\nSecurity Fix(es):\r\n\r\nLoad value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html(CVE-2020-0551)\n\nA use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.(CVE-2020-16592)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"binutils","purl":"pkg:rpm/openEuler/binutils\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.34-8.oe1"}]}],"ecosystem_specific":{"aarch64":["binutils-2.34-9.oe1.aarch64.rpm","binutils-debuginfo-2.34-9.oe1.aarch64.rpm","binutils-debugsource-2.34-9.oe1.aarch64.rpm","binutils-help-2.34-9.oe1.aarch64.rpm","binutils-devel-2.34-9.oe1.aarch64.rpm","binutils-2.34-8.oe1.aarch64.rpm","binutils-debugsource-2.34-8.oe1.aarch64.rpm","binutils-devel-2.34-8.oe1.aarch64.rpm","binutils-help-2.34-8.oe1.aarch64.rpm","binutils-debuginfo-2.34-8.oe1.aarch64.rpm"],"src":["binutils-2.34-9.oe1.src.rpm","binutils-2.34-8.oe1.src.rpm"],"x86_64":["binutils-help-2.34-9.oe1.x86_64.rpm","binutils-debugsource-2.34-9.oe1.x86_64.rpm","binutils-devel-2.34-9.oe1.x86_64.rpm","binutils-2.34-9.oe1.x86_64.rpm","binutils-debuginfo-2.34-9.oe1.x86_64.rpm","binutils-devel-2.34-8.oe1.x86_64.rpm","binutils-debugsource-2.34-8.oe1.x86_64.rpm","binutils-debuginfo-2.34-8.oe1.x86_64.rpm","binutils-2.34-8.oe1.x86_64.rpm","binutils-help-2.34-8.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"binutils","purl":"pkg:rpm/openEuler/binutils\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.34-8.oe1"}]}],"ecosystem_specific":{"aarch64":["binutils-2.34-8.oe1.aarch64.rpm","binutils-debugsource-2.34-8.oe1.aarch64.rpm","binutils-devel-2.34-8.oe1.aarch64.rpm","binutils-help-2.34-8.oe1.aarch64.rpm","binutils-debuginfo-2.34-8.oe1.aarch64.rpm"],"src":["binutils-2.34-8.oe1.src.rpm"],"x86_64":["binutils-devel-2.34-8.oe1.x86_64.rpm","binutils-debugsource-2.34-8.oe1.x86_64.rpm","binutils-debuginfo-2.34-8.oe1.x86_64.rpm","binutils-2.34-8.oe1.x86_64.rpm","binutils-help-2.34-8.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1098"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0551"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16592"}],"database_specific":{"severity":"Medium"}}