Exploitable buffer overflow (CVE-2016-2226).
Invalid write due to a use-after-free to array btypevec (CVE-2016-4487).
Invalid write due to a use-after-free to array ktypevec (CVE-2016-4488).
Invalid write due to integer overflow (CVE-2016-4489).
Write access violation (CVE-2016-4490).
Write access violations (CVE-2016-4492).
Read access violations (CVE-2016-4493).
Stack buffer overflow when printing bad bytes in Intel Hex objects (CVE-2016-6131).
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes and may also lead to an information leak (CVE-2017-6969).
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to a program crash (CVE-2017-7210).