{"id":"SUSE-SU-2019:2779-1","summary":"Security update for binutils","details":"This update for binutils fixes the following issues:\n\nbinutils was updated to current 2.32 branch [jsc#ECO-368].\n\nIncludes following security fixes:\n\n- CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)\n- CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)\n- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)\n- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)\n- CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)\n- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)\n- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)\n- CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)\n- CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)\n- CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)\n- CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)\n- CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)\n- CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)\n- CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)\n- CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in  load_specific_debug_section in objdump.c (bsc#1121056)\n- CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)\n- CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)\n\n- enable xtensa architecture (Tensilica lc6 and related)\n- Use -ffat-lto-objects in order to provide assembly for static libs\n  (bsc#1141913).\n- Fixed some LTO build issues (bsc#1133131 bsc#1133232).\n- riscv: Don't check ABI flags if no code section\n- Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).\n- Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).\n\nUpdate to binutils 2.32:\n\n* The binutils now support for the C-SKY processor series.\n* The x86 assembler now supports a -mvexwig=[0|1] option to control\n  encoding of VEX.W-ignored (WIG) VEX instructions.\n  It also has a new -mx86-used-note=[yes|no] option to generate (or\n  not) x86 GNU property notes.  \n* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),\n  the Loongson EXTensions (EXT) instructions, the Loongson Content\n  Address Memory (CAM) ASE and the Loongson MultiMedia extensions\n  Instructions (MMI) ASE.\n* The addr2line, c++filt, nm and objdump tools now have a default\n  limit on the maximum amount of recursion that is allowed whilst\n  demangling strings.  This limit can be disabled if necessary.\n* Objdump's --disassemble option can now take a parameter,\n  specifying the starting symbol for disassembly.  Disassembly will\n  continue from this symbol up to the next symbol or the end of the\n  function.\n* The BFD linker will now report property change in linker map file\n  when merging GNU properties.\n* The BFD linker's -t option now doesn't report members within\n  archives, unless -t is given twice.  This makes it more useful\n  when generating a list of files that should be packaged for a\n  linker bug report.\n* The GOLD linker has improved warning messages for relocations that\n  refer to discarded sections.\n\n- Improve relro support on s390 [fate#326356]\n- Fix broken debug symbols (bsc#1118644)\n- Handle ELF compressed header alignment correctly.\n\n","modified":"2026-02-04T02:19:25.340033Z","published":"2019-10-24T14:57:52Z","related":["CVE-2018-1000876","CVE-2018-17358","CVE-2018-17359","CVE-2018-17360","CVE-2018-17985","CVE-2018-18309","CVE-2018-18483","CVE-2018-18484","CVE-2018-18605","CVE-2018-18606","CVE-2018-18607","CVE-2018-19931","CVE-2018-19932","CVE-2018-20623","CVE-2018-20651","CVE-2018-20671","CVE-2018-6323","CVE-2018-6543","CVE-2018-6759","CVE-2018-6872","CVE-2018-7208","CVE-2018-7568","CVE-2018-7569","CVE-2018-7570","CVE-2018-7642","CVE-2018-7643","CVE-2018-8945","CVE-2019-1010180"],"upstream":["CVE-2018-1000876","CVE-2018-17358","CVE-2018-17359","CVE-2018-17360","CVE-2018-17985","CVE-2018-18309","CVE-2018-18483","CVE-2018-18484","CVE-2018-18605","CVE-2018-18606","CVE-2018-18607","CVE-2018-19931","CVE-2018-19932","CVE-2018-20623","CVE-2018-20651","CVE-2018-20671","CVE-2018-6323","CVE-2018-6543","CVE-2018-6759","CVE-2018-6872","CVE-2018-7208","CVE-2018-7568","CVE-2018-7569","CVE-2018-7570","CVE-2018-7642","CVE-2018-7643","CVE-2018-8945","CVE-2019-1010180"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192779-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109412"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109413"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109414"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111996"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112534"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112535"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113247"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113252"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116827"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118644"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118830"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118831"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120640"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121056"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133131"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133232"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142772"},{"type":"REPORT","url":"https://bugzilla.suse.com/1152590"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154016"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000876"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17358"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17359"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17360"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17985"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18309"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18605"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19931"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20623"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20651"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20671"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6323"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6759"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7568"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7570"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7642"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-1010180"},{"type":"REPORT","url":"https://bugzilla.suse.com/ECO-368"},{"type":"REPORT","url":"https://bugzilla.suse.com/SLE-6206"}],"affected":[{"package":{"name":"binutils","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","purl":"pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32-7.5.1"}]}],"ecosystem_specific":{"binaries":[{"binutils-devel":"2.32-7.5.1","binutils":"2.32-7.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2779-1.json"}},{"package":{"name":"binutils","ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP1","purl":"pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32-7.5.1"}]}],"ecosystem_specific":{"binaries":[{"binutils-devel-32bit":"2.32-7.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2779-1.json"}},{"package":{"name":"binutils","ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP1","purl":"pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32-7.5.1"}]}],"ecosystem_specific":{"binaries":[{"binutils-gold":"2.32-7.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2779-1.json"}}],"schema_version":"1.7.3"}