Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12972 (GCVE-0-2019-12972)
Vulnerability from cvelistv5 – Published: 2019-06-26 13:27 – Updated: 2024-08-04 23:41
VLAI?
EPSS
Summary
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=24689 | x_refsource_MISC |
| https://sourceware.org/git/gitweb.cgi?p=binutils-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108903 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/4336-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202007-39 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:09.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"name": "108903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108903"
},
{
"name": "USN-4336-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"name": "GLSA-202007-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"name": "openSUSE-SU-2020:1790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"name": "openSUSE-SU-2020:1804",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-01T15:06:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"name": "108903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108903"
},
{
"name": "USN-4336-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"name": "GLSA-202007-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"name": "openSUSE-SU-2020:1790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"name": "openSUSE-SU-2020:1804",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"name": "108903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108903"
},
{
"name": "USN-4336-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"name": "GLSA-202007-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"name": "openSUSE-SU-2020:1790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"name": "openSUSE-SU-2020:1804",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12972",
"datePublished": "2019-06-26T13:27:41.000Z",
"dateReserved": "2019-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:09.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-12972",
"date": "2026-05-22",
"epss": "0.00605",
"percentile": "0.69864"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A276274-BE53-4BC8-B3E4-3DF151E5FC7D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\\\0\u0027 character.\"}, {\"lang\": \"es\", \"value\": \"Fue encontrado un problema en la biblioteca Binary File Descriptor (BFD), tambi\\u00e9n conocida como libbfd, tal y como se distribuye en GNU Binutils 2.32. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una sobrelectura de b\\u00fafer basada en memoria din\\u00e1mica (heap) en _bfd_doprnt in bfd.c porque elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP mediante la omisi\\u00f3n de un car\\u00e1cter \\\\0\u0027 final.\"}]",
"id": "CVE-2019-12972",
"lastModified": "2024-11-21T04:23:55.660",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-06-26T14:15:10.043",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108903\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-39\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://sourceware.org/bugzilla/show_bug.cgi?id=24689\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4336-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-39\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://sourceware.org/bugzilla/show_bug.cgi?id=24689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4336-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12972\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-26T14:15:10.043\",\"lastModified\":\"2024-11-21T04:23:55.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\\\0\u0027 character.\"},{\"lang\":\"es\",\"value\":\"Fue encontrado un problema en la biblioteca Binary File Descriptor (BFD), tambi\u00e9n conocida como libbfd, tal y como se distribuye en GNU Binutils 2.32. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en _bfd_doprnt in bfd.c porque elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP mediante la omisi\u00f3n de un car\u00e1cter \\\\0\u0027 final.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A276274-BE53-4BC8-B3E4-3DF151E5FC7D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108903\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-39\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceware.org/bugzilla/show_bug.cgi?id=24689\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4336-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceware.org/bugzilla/show_bug.cgi?id=24689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4336-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
BDU:2023-07804
Vulnerability from fstec - Published: 17.06.2019
VLAI Severity ?
Title
Уязвимость функции elf_object_p компонента bfd/elfcode.h программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции elf_object_p компонента bfd/elfcode.h программного средства разработки GNU Binutils связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ", GNU General Public License
Software Name
Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), GNU Binutils
Software Version
10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), до 2.3 (ОСОН ОСнова Оnyx), до 2.33.1 (GNU Binutils)
Possible Mitigations
Для Binutils:
использование рекомендаций производителя: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2019-12972
Для ОС Astra Linux:
обновить пакет binutils до 2.36-26.018 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения binutils до версии 2.31.1-16.osnova0u1
Reference
https://security-tracker.debian.org/tracker/CVE-2019-12972
https://sourceware.org/bugzilla/show_bug.cgi?id=24689
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.3/
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", GNU General Public License",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u0434\u043e 2.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.33.1 (GNU Binutils)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Binutils:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2019-12972\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.36-26.018 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f binutils \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.31.1-16.osnova0u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.06.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07804",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-12972",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), GNU Binutils",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 elf_object_p \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 bfd/elfcode.h \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 elf_object_p \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 bfd/elfcode.h \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2019-12972\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=24689\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.3/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CNVD-2019-22404
Vulnerability from cnvd - Published: 2019-07-12
VLAI Severity ?
Title
GNU Binutils堆缓冲区溢出漏洞(CNVD-2019-22404)
Description
GNU Binutils是一组用于创建和管理二进制程序、对象文件、库、配置文件数据及程序集源代码的编程工具。
GNU Binutils 2.32中使用的二进制文件描述符(BFD)库中的bfd.c中的_bfd_doprnt存在堆缓冲区溢出漏洞。该漏洞源于elfcode.h中的elf_object_p未能正确处理SHT_GROUP类型的e_shstrndx部分(忽略了尾随的0字符)。攻击者可通过特制ELF输入利用该漏洞导致拒绝服务。
Severity
中
Patch Name
GNU Binutils堆缓冲区溢出漏洞的补丁
Patch Description
GNU Binutils是一组用于创建和管理二进制程序、对象文件、库、配置文件数据及程序集源代码的编程工具。
GNU Binutils 2.32中使用的二进制文件描述符(BFD)库中的bfd.c中的_bfd_doprnt存在堆缓冲区溢出漏洞。该漏洞源于elfcode.h中的elf_object_p不能正确处理SHT_GROUP类型的e_shstrndx部分(忽略了尾随的0字符)。攻击者可通过特制ELF输入利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-12972
Impacted products
| Name | GNU Binutils 2.32 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-12972",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-12972"
}
},
"description": "GNU Binutils\u662f\u4e00\u7ec4\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u4e8c\u8fdb\u5236\u7a0b\u5e8f\u3001\u5bf9\u8c61\u6587\u4ef6\u3001\u5e93\u3001\u914d\u7f6e\u6587\u4ef6\u6570\u636e\u53ca\u7a0b\u5e8f\u96c6\u6e90\u4ee3\u7801\u7684\u7f16\u7a0b\u5de5\u5177\u3002\n\nGNU Binutils 2.32\u4e2d\u4f7f\u7528\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u63cf\u8ff0\u7b26(BFD)\u5e93\u4e2d\u7684bfd.c\u4e2d\u7684_bfd_doprnt\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eelfcode.h\u4e2d\u7684elf_object_p\u672a\u80fd\u6b63\u786e\u5904\u7406SHT_GROUP\u7c7b\u578b\u7684e_shstrndx\u90e8\u5206\uff08\u5ffd\u7565\u4e86\u5c3e\u968f\u76840\u5b57\u7b26\uff09\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236ELF\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "MITER",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-22404",
"openTime": "2019-07-12",
"patchDescription": "GNU Binutils\u662f\u4e00\u7ec4\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u4e8c\u8fdb\u5236\u7a0b\u5e8f\u3001\u5bf9\u8c61\u6587\u4ef6\u3001\u5e93\u3001\u914d\u7f6e\u6587\u4ef6\u6570\u636e\u53ca\u7a0b\u5e8f\u96c6\u6e90\u4ee3\u7801\u7684\u7f16\u7a0b\u5de5\u5177\u3002\nGNU Binutils 2.32\u4e2d\u4f7f\u7528\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u63cf\u8ff0\u7b26(BFD)\u5e93\u4e2d\u7684bfd.c\u4e2d\u7684_bfd_doprnt\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eelfcode.h\u4e2d\u7684elf_object_p\u4e0d\u80fd\u6b63\u786e\u5904\u7406SHT_GROUP\u7c7b\u578b\u7684e_shstrndx\u90e8\u5206\uff08\u5ffd\u7565\u4e86\u5c3e\u968f\u76840\u5b57\u7b26\uff09\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236ELF\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "GNU Binutils\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "GNU Binutils 2.32"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-12972",
"serverity": "\u4e2d",
"submitTime": "2019-06-27",
"title": "GNU Binutils\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-22404\uff09"
}
FKIE_CVE-2019-12972
Vulnerability from fkie_nvd - Published: 2019-06-26 14:15 - Updated: 2024-11-21 04:23
Severity ?
Summary
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8A276274-BE53-4BC8-B3E4-3DF151E5FC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
},
{
"lang": "es",
"value": "Fue encontrado un problema en la biblioteca Binary File Descriptor (BFD), tambi\u00e9n conocida como libbfd, tal y como se distribuye en GNU Binutils 2.32. Se ha descubierto un problema en las versiones 0.7 y 0.7.1645 de GNU LibreDWG. Hay una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en _bfd_doprnt in bfd.c porque elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP mediante la omisi\u00f3n de un car\u00e1cter \\0\u0027 final."
}
],
"id": "CVE-2019-12972",
"lastModified": "2024-11-21T04:23:55.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108903"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"source": "cve@mitre.org",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4336-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8Q59-68WH-W68X
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-03-01 18:30
VLAI?
Details
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-12972"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-26T14:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"id": "GHSA-8q59-68wh-w68x",
"modified": "2023-03-01T18:30:57Z",
"published": "2022-05-24T16:48:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12972"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4336-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-12972
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12972",
"description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"id": "GSD-2019-12972",
"references": [
"https://www.suse.com/security/cve/CVE-2019-12972.html",
"https://ubuntu.com/security/CVE-2019-12972"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12972"
],
"details": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"id": "GSD-2019-12972",
"modified": "2023-12-13T01:23:43.509913Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"name": "108903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108903"
},
{
"name": "USN-4336-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"name": "GLSA-202007-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"name": "openSUSE-SU-2020:1790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
},
{
"name": "openSUSE-SU-2020:1804",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12972"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24689"
},
{
"name": "108903",
"refsource": "BID",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108903"
},
{
"name": "USN-4336-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"name": "GLSA-202007-39",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-39"
},
{
"name": "openSUSE-SU-2020:1804",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1790",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-03-01T18:01Z",
"publishedDate": "2019-06-26T14:15Z"
}
}
}
MSRC_CVE-2019-12972
Vulnerability from csaf_microsoft - Published: 2019-06-02 00:00 - Updated: 2020-08-18 00:00Summary
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-12972 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-12972.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"tracking": {
"current_release_date": "2020-08-18T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:34:35.815Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-12972",
"initial_release_date": "2019-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-08-18T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 binutils 2.32-4",
"product": {
"name": "\u003ccm1 binutils 2.32-4",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 binutils 2.32-4",
"product": {
"name": "cm1 binutils 2.32-4",
"product_id": "17006"
}
}
],
"category": "product_name",
"name": "binutils"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 binutils 2.32-4 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 binutils 2.32-4 as a component of CBL Mariner 1.0",
"product_id": "17006-16820"
},
"product_reference": "17006",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12972",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17006-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-12972 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-12972.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T00:00:00.000Z",
"details": "2.32-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character."
}
]
}
OPENSUSE-SU-2020:1790-1
Vulnerability from csaf_opensuse - Published: 2020-10-31 13:22 - Updated: 2020-10-31 13:22Summary
Security update for binutils
Severity
Moderate
Notes
Title of the patch: Security update for binutils
Description of the patch: This update for binutils fixes the following issues:
binutils was updated to version 2.35. (jsc#ECO-2373)
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
- fix DT_NEEDED order with -flto [bsc#1163744]
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to bsc#1163333.
- Includes fixes for these CVEs:
bsc#1153768 aka CVE-2019-17451 aka PR25070
bsc#1153770 aka CVE-2019-17450 aka PR25078
- fix various build fails on aarch64 (PR25210, bsc#1157755).
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
- Includes fixes for these CVEs:
bsc#1126826 aka CVE-2019-9077 aka PR1126826
bsc#1126829 aka CVE-2019-9075 aka PR1126829
bsc#1126831 aka CVE-2019-9074 aka PR24235
bsc#1140126 aka CVE-2019-12972 aka PR23405
bsc#1143609 aka CVE-2019-14444 aka PR24829
bsc#1142649 aka CVE-2019-14250 aka PR90924
* Add xBPF target
* Fix various problems with DWARF 5 support in gas
* fix nm -B for objects compiled with -flto and -fcommon.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-1790
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.2 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for binutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for binutils fixes the following issues:\n\nbinutils was updated to version 2.35. (jsc#ECO-2373)\n\nUpdate to binutils 2.35:\n\n* The assembler can now produce DWARF-5 format line number tables.\n* Readelf now has a \u0027lint\u0027 mode to enable extra checks of the files it is processing.\n* Readelf will now display \u0027[...]\u0027 when it has to truncate a symbol name. \n The old behaviour - of displaying as many characters as possible, up to\n the 80 column limit - can be restored by the use of the --silent-truncation\n option.\n* The linker can now produce a dependency file listing the inputs that it\n has processed, much like the -M -MP option supported by the compiler.\n\n- fix DT_NEEDED order with -flto [bsc#1163744]\n\n\nUpdate to binutils 2.34:\n\n* The disassembler (objdump --disassemble) now has an option to\n generate ascii art thats show the arcs between that start and end\n points of control flow instructions.\n* The binutils tools now have support for debuginfod. Debuginfod is a \n HTTP service for distributing ELF/DWARF debugging information as\n well as source code. The tools can now connect to debuginfod\n servers in order to download debug information about the files that\n they are processing.\n* The assembler and linker now support the generation of ELF format\n files for the Z80 architecture.\n\n- Add new subpackages for libctf and libctf-nobfd.\n- Disable LTO due to bsc#1163333.\n- Includes fixes for these CVEs:\n bsc#1153768 aka CVE-2019-17451 aka PR25070\n bsc#1153770 aka CVE-2019-17450 aka PR25078\n\n- fix various build fails on aarch64 (PR25210, bsc#1157755).\n\nUpdate to binutils 2.33.1:\n\n* Adds support for the Arm Scalable Vector Extension version 2\n (SVE2) instructions, the Arm Transactional Memory Extension (TME)\n instructions and the Armv8.1-M Mainline and M-profile Vector\n Extension (MVE) instructions.\n* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P\n processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,\n Cortex-A76AE, and Cortex-A77 processors.\n* Adds a .float16 directive for both Arm and AArch64 to allow\n encoding of 16-bit floating point literals.\n* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)\n Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]\n configure time option to set the default behavior. Set the default\n if the configure option is not used to \u0027no\u0027.\n* The Cortex-A53 Erratum 843419 workaround now supports a choice of\n which workaround to use. The option --fix-cortex-a53-843419 now\n takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]\n which can be used to force a particular workaround to be used.\n See --help for AArch64 for more details.\n* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and\n GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties\n in the AArch64 ELF linker. \n* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI \n on inputs and use PLTs protected with BTI.\n* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.\n* Add --source-comment[=\u003ctxt\u003e] option to objdump which if present,\n provides a prefix to source code lines displayed in a disassembly.\n* Add --set-section-alignment \u003csection-name\u003e=\u003cpower-of-2-align\u003e\n option to objcopy to allow the changing of section alignments.\n* Add --verilog-data-width option to objcopy for verilog targets to\n control width of data elements in verilog hex format.\n* The separate debug info file options of readelf (--debug-dump=links\n and --debug-dump=follow) and objdump (--dwarf=links and\n --dwarf=follow-links) will now display and/or follow multiple\n links if more than one are present in a file. (This usually\n happens when gcc\u0027s -gsplit-dwarf option is used).\n In addition objdump\u0027s --dwarf=follow-links now also affects its\n other display options, so that for example, when combined with\n --syms it will cause the symbol tables in any linked debug info\n files to also be displayed. In addition when combined with\n --disassemble the --dwarf= follow-links option will ensure that\n any symbol tables in the linked files are read and used when\n disassembling code in the main file.\n* Add support for dumping types encoded in the Compact Type Format\n to objdump and readelf.\n- Includes fixes for these CVEs:\n bsc#1126826 aka CVE-2019-9077 aka PR1126826\n bsc#1126829 aka CVE-2019-9075 aka PR1126829\n bsc#1126831 aka CVE-2019-9074 aka PR24235\n bsc#1140126 aka CVE-2019-12972 aka PR23405\n bsc#1143609 aka CVE-2019-14444 aka PR24829\n bsc#1142649 aka CVE-2019-14250 aka PR90924\n\n* Add xBPF target\n* Fix various problems with DWARF 5 support in gas\n* fix nm -B for objects compiled with -flto and -fcommon.\n\n \nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1790",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1790-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1790-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYODXTIQHTHANYSEI73JBXTPH244JTOU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1790-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYODXTIQHTHANYSEI73JBXTPH244JTOU/"
},
{
"category": "self",
"summary": "SUSE Bug 1126826",
"url": "https://bugzilla.suse.com/1126826"
},
{
"category": "self",
"summary": "SUSE Bug 1126829",
"url": "https://bugzilla.suse.com/1126829"
},
{
"category": "self",
"summary": "SUSE Bug 1126831",
"url": "https://bugzilla.suse.com/1126831"
},
{
"category": "self",
"summary": "SUSE Bug 1140126",
"url": "https://bugzilla.suse.com/1140126"
},
{
"category": "self",
"summary": "SUSE Bug 1142649",
"url": "https://bugzilla.suse.com/1142649"
},
{
"category": "self",
"summary": "SUSE Bug 1143609",
"url": "https://bugzilla.suse.com/1143609"
},
{
"category": "self",
"summary": "SUSE Bug 1153768",
"url": "https://bugzilla.suse.com/1153768"
},
{
"category": "self",
"summary": "SUSE Bug 1153770",
"url": "https://bugzilla.suse.com/1153770"
},
{
"category": "self",
"summary": "SUSE Bug 1157755",
"url": "https://bugzilla.suse.com/1157755"
},
{
"category": "self",
"summary": "SUSE Bug 1160254",
"url": "https://bugzilla.suse.com/1160254"
},
{
"category": "self",
"summary": "SUSE Bug 1160590",
"url": "https://bugzilla.suse.com/1160590"
},
{
"category": "self",
"summary": "SUSE Bug 1163333",
"url": "https://bugzilla.suse.com/1163333"
},
{
"category": "self",
"summary": "SUSE Bug 1163744",
"url": "https://bugzilla.suse.com/1163744"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12972 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14250 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14444 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17450 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17451 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9074 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9075 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9077/"
}
],
"title": "Security update for binutils",
"tracking": {
"current_release_date": "2020-10-31T13:22:55Z",
"generator": {
"date": "2020-10-31T13:22:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1790-1",
"initial_release_date": "2020-10-31T13:22:55Z",
"revision_history": [
{
"date": "2020-10-31T13:22:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "binutils-2.35-lp151.3.9.1.i586",
"product": {
"name": "binutils-2.35-lp151.3.9.1.i586",
"product_id": "binutils-2.35-lp151.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "binutils-devel-2.35-lp151.3.9.1.i586",
"product": {
"name": "binutils-devel-2.35-lp151.3.9.1.i586",
"product_id": "binutils-devel-2.35-lp151.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "binutils-gold-2.35-lp151.3.9.1.i586",
"product": {
"name": "binutils-gold-2.35-lp151.3.9.1.i586",
"product_id": "binutils-gold-2.35-lp151.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libctf-nobfd0-2.35-lp151.3.9.1.i586",
"product": {
"name": "libctf-nobfd0-2.35-lp151.3.9.1.i586",
"product_id": "libctf-nobfd0-2.35-lp151.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libctf0-2.35-lp151.3.9.1.i586",
"product": {
"name": "libctf0-2.35-lp151.3.9.1.i586",
"product_id": "libctf0-2.35-lp151.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-devel-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "binutils-devel-2.35-lp151.3.9.1.x86_64",
"product_id": "binutils-devel-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"product_id": "binutils-devel-32bit-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-gold-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "binutils-gold-2.35-lp151.3.9.1.x86_64",
"product_id": "binutils-gold-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-arm-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-avr-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-hppa-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-i386-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-ia64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-m68k-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-mips-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-ppc-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-rx-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-s390-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-s390x-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-sparc-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"product_id": "cross-spu-binutils-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"product_id": "libctf-nobfd0-2.35-lp151.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libctf0-2.35-lp151.3.9.1.x86_64",
"product": {
"name": "libctf0-2.35-lp151.3.9.1.x86_64",
"product_id": "libctf0-2.35-lp151.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-2.35-lp151.3.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586"
},
"product_reference": "binutils-2.35-lp151.3.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-2.35-lp151.3.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586"
},
"product_reference": "binutils-devel-2.35-lp151.3.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "binutils-devel-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-32bit-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-gold-2.35-lp151.3.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586"
},
"product_reference": "binutils-gold-2.35-lp151.3.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-gold-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "binutils-gold-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-arm-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-avr-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-hppa-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-i386-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ia64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-m68k-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-mips-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-rx-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-s390-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-s390x-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-sparc-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-spu-binutils-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf-nobfd0-2.35-lp151.3.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586"
},
"product_reference": "libctf-nobfd0-2.35-lp151.3.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf-nobfd0-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf0-2.35-lp151.3.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586"
},
"product_reference": "libctf0-2.35-lp151.3.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf0-2.35-lp151.3.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
},
"product_reference": "libctf0-2.35-lp151.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12972"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12972",
"url": "https://www.suse.com/security/cve/CVE-2019-12972"
},
{
"category": "external",
"summary": "SUSE Bug 1140126 for CVE-2019-12972",
"url": "https://bugzilla.suse.com/1140126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-12972"
},
{
"cve": "CVE-2019-14250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14250"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14250",
"url": "https://www.suse.com/security/cve/CVE-2019-14250"
},
{
"category": "external",
"summary": "SUSE Bug 1142649 for CVE-2019-14250",
"url": "https://bugzilla.suse.com/1142649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-14250"
},
{
"cve": "CVE-2019-14444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14444"
}
],
"notes": [
{
"category": "general",
"text": "apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14444",
"url": "https://www.suse.com/security/cve/CVE-2019-14444"
},
{
"category": "external",
"summary": "SUSE Bug 1143609 for CVE-2019-14444",
"url": "https://bugzilla.suse.com/1143609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "low"
}
],
"title": "CVE-2019-14444"
},
{
"cve": "CVE-2019-17450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17450"
}
],
"notes": [
{
"category": "general",
"text": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17450",
"url": "https://www.suse.com/security/cve/CVE-2019-17450"
},
{
"category": "external",
"summary": "SUSE Bug 1153770 for CVE-2019-17450",
"url": "https://bugzilla.suse.com/1153770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "low"
}
],
"title": "CVE-2019-17450"
},
{
"cve": "CVE-2019-17451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17451"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17451",
"url": "https://www.suse.com/security/cve/CVE-2019-17451"
},
{
"category": "external",
"summary": "SUSE Bug 1153768 for CVE-2019-17451",
"url": "https://bugzilla.suse.com/1153768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "low"
}
],
"title": "CVE-2019-17451"
},
{
"cve": "CVE-2019-9074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9074"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9074",
"url": "https://www.suse.com/security/cve/CVE-2019-9074"
},
{
"category": "external",
"summary": "SUSE Bug 1126831 for CVE-2019-9074",
"url": "https://bugzilla.suse.com/1126831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-9074"
},
{
"cve": "CVE-2019-9075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9075"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9075",
"url": "https://www.suse.com/security/cve/CVE-2019-9075"
},
{
"category": "external",
"summary": "SUSE Bug 1071544 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1071544"
},
{
"category": "external",
"summary": "SUSE Bug 1126829 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1126829"
},
{
"category": "external",
"summary": "SUSE Bug 1193110 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1193110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "low"
}
],
"title": "CVE-2019-9075"
},
{
"cve": "CVE-2019-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9077"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9077",
"url": "https://www.suse.com/security/cve/CVE-2019-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1126826 for CVE-2019-9077",
"url": "https://bugzilla.suse.com/1126826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-devel-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-devel-32bit-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:binutils-gold-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-aarch64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-arm-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-avr-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-epiphany-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-hppa64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-i386-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ia64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-m68k-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-mips-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-ppc64le-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-riscv64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-rx-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-s390x-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-sparc64-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:cross-spu-binutils-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf-nobfd0-2.35-lp151.3.9.1.x86_64",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.i586",
"openSUSE Leap 15.1:libctf0-2.35-lp151.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-9077"
}
]
}
OPENSUSE-SU-2020:1804-1
Vulnerability from csaf_opensuse - Published: 2020-11-01 09:23 - Updated: 2020-11-01 09:23Summary
Security update for binutils
Severity
Moderate
Notes
Title of the patch: Security update for binutils
Description of the patch: This update for binutils fixes the following issues:
binutils was updated to version 2.35. (jsc#ECO-2373)
Update to binutils 2.35:
* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
* Readelf will now display '[...]' when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
- fix DT_NEEDED order with -flto [bsc#1163744]
Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to bsc#1163333.
- Includes fixes for these CVEs:
bsc#1153768 aka CVE-2019-17451 aka PR25070
bsc#1153770 aka CVE-2019-17450 aka PR25078
- fix various build fails on aarch64 (PR25210, bsc#1157755).
Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to 'no'.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
--dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
--syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
--disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
- Includes fixes for these CVEs:
bsc#1126826 aka CVE-2019-9077 aka PR1126826
bsc#1126829 aka CVE-2019-9075 aka PR1126829
bsc#1126831 aka CVE-2019-9074 aka PR24235
bsc#1140126 aka CVE-2019-12972 aka PR23405
bsc#1143609 aka CVE-2019-14444 aka PR24829
bsc#1142649 aka CVE-2019-14250 aka PR90924
* Add xBPF target
* Fix various problems with DWARF 5 support in gas
* fix nm -B for objects compiled with -flto and -fcommon.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-1804
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.2 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for binutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for binutils fixes the following issues:\n\nbinutils was updated to version 2.35. (jsc#ECO-2373)\n\nUpdate to binutils 2.35:\n\n* The assembler can now produce DWARF-5 format line number tables.\n* Readelf now has a \u0027lint\u0027 mode to enable extra checks of the files it is processing.\n* Readelf will now display \u0027[...]\u0027 when it has to truncate a symbol name. \n The old behaviour - of displaying as many characters as possible, up to\n the 80 column limit - can be restored by the use of the --silent-truncation\n option.\n* The linker can now produce a dependency file listing the inputs that it\n has processed, much like the -M -MP option supported by the compiler.\n\n- fix DT_NEEDED order with -flto [bsc#1163744]\n\n\nUpdate to binutils 2.34:\n\n* The disassembler (objdump --disassemble) now has an option to\n generate ascii art thats show the arcs between that start and end\n points of control flow instructions.\n* The binutils tools now have support for debuginfod. Debuginfod is a \n HTTP service for distributing ELF/DWARF debugging information as\n well as source code. The tools can now connect to debuginfod\n servers in order to download debug information about the files that\n they are processing.\n* The assembler and linker now support the generation of ELF format\n files for the Z80 architecture.\n\n- Add new subpackages for libctf and libctf-nobfd.\n- Disable LTO due to bsc#1163333.\n- Includes fixes for these CVEs:\n bsc#1153768 aka CVE-2019-17451 aka PR25070\n bsc#1153770 aka CVE-2019-17450 aka PR25078\n\n- fix various build fails on aarch64 (PR25210, bsc#1157755).\n\nUpdate to binutils 2.33.1:\n\n* Adds support for the Arm Scalable Vector Extension version 2\n (SVE2) instructions, the Arm Transactional Memory Extension (TME)\n instructions and the Armv8.1-M Mainline and M-profile Vector\n Extension (MVE) instructions.\n* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P\n processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,\n Cortex-A76AE, and Cortex-A77 processors.\n* Adds a .float16 directive for both Arm and AArch64 to allow\n encoding of 16-bit floating point literals.\n* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)\n Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]\n configure time option to set the default behavior. Set the default\n if the configure option is not used to \u0027no\u0027.\n* The Cortex-A53 Erratum 843419 workaround now supports a choice of\n which workaround to use. The option --fix-cortex-a53-843419 now\n takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]\n which can be used to force a particular workaround to be used.\n See --help for AArch64 for more details.\n* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and\n GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties\n in the AArch64 ELF linker. \n* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI\n on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI \n on inputs and use PLTs protected with BTI.\n* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.\n* Add --source-comment[=\u003ctxt\u003e] option to objdump which if present,\n provides a prefix to source code lines displayed in a disassembly.\n* Add --set-section-alignment \u003csection-name\u003e=\u003cpower-of-2-align\u003e\n option to objcopy to allow the changing of section alignments.\n* Add --verilog-data-width option to objcopy for verilog targets to\n control width of data elements in verilog hex format.\n* The separate debug info file options of readelf (--debug-dump=links\n and --debug-dump=follow) and objdump (--dwarf=links and\n --dwarf=follow-links) will now display and/or follow multiple\n links if more than one are present in a file. (This usually\n happens when gcc\u0027s -gsplit-dwarf option is used).\n In addition objdump\u0027s --dwarf=follow-links now also affects its\n other display options, so that for example, when combined with\n --syms it will cause the symbol tables in any linked debug info\n files to also be displayed. In addition when combined with\n --disassemble the --dwarf= follow-links option will ensure that\n any symbol tables in the linked files are read and used when\n disassembling code in the main file.\n* Add support for dumping types encoded in the Compact Type Format\n to objdump and readelf.\n- Includes fixes for these CVEs:\n bsc#1126826 aka CVE-2019-9077 aka PR1126826\n bsc#1126829 aka CVE-2019-9075 aka PR1126829\n bsc#1126831 aka CVE-2019-9074 aka PR24235\n bsc#1140126 aka CVE-2019-12972 aka PR23405\n bsc#1143609 aka CVE-2019-14444 aka PR24829\n bsc#1142649 aka CVE-2019-14250 aka PR90924\n\n* Add xBPF target\n* Fix various problems with DWARF 5 support in gas\n* fix nm -B for objects compiled with -flto and -fcommon.\n\n \nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1804",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1804-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1804-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HD525V55IWCMFIZABVL2WPYZ3F73Y4RP/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1804-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HD525V55IWCMFIZABVL2WPYZ3F73Y4RP/"
},
{
"category": "self",
"summary": "SUSE Bug 1126826",
"url": "https://bugzilla.suse.com/1126826"
},
{
"category": "self",
"summary": "SUSE Bug 1126829",
"url": "https://bugzilla.suse.com/1126829"
},
{
"category": "self",
"summary": "SUSE Bug 1126831",
"url": "https://bugzilla.suse.com/1126831"
},
{
"category": "self",
"summary": "SUSE Bug 1140126",
"url": "https://bugzilla.suse.com/1140126"
},
{
"category": "self",
"summary": "SUSE Bug 1142649",
"url": "https://bugzilla.suse.com/1142649"
},
{
"category": "self",
"summary": "SUSE Bug 1143609",
"url": "https://bugzilla.suse.com/1143609"
},
{
"category": "self",
"summary": "SUSE Bug 1153768",
"url": "https://bugzilla.suse.com/1153768"
},
{
"category": "self",
"summary": "SUSE Bug 1153770",
"url": "https://bugzilla.suse.com/1153770"
},
{
"category": "self",
"summary": "SUSE Bug 1157755",
"url": "https://bugzilla.suse.com/1157755"
},
{
"category": "self",
"summary": "SUSE Bug 1160254",
"url": "https://bugzilla.suse.com/1160254"
},
{
"category": "self",
"summary": "SUSE Bug 1160590",
"url": "https://bugzilla.suse.com/1160590"
},
{
"category": "self",
"summary": "SUSE Bug 1163333",
"url": "https://bugzilla.suse.com/1163333"
},
{
"category": "self",
"summary": "SUSE Bug 1163744",
"url": "https://bugzilla.suse.com/1163744"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12972 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14250 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14444 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17450 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17451 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9074 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9075 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9077/"
}
],
"title": "Security update for binutils",
"tracking": {
"current_release_date": "2020-11-01T09:23:38Z",
"generator": {
"date": "2020-11-01T09:23:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1804-1",
"initial_release_date": "2020-11-01T09:23:38Z",
"revision_history": [
{
"date": "2020-11-01T09:23:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "binutils-2.35-lp152.4.3.1.i586",
"product": {
"name": "binutils-2.35-lp152.4.3.1.i586",
"product_id": "binutils-2.35-lp152.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "binutils-devel-2.35-lp152.4.3.1.i586",
"product": {
"name": "binutils-devel-2.35-lp152.4.3.1.i586",
"product_id": "binutils-devel-2.35-lp152.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "binutils-gold-2.35-lp152.4.3.1.i586",
"product": {
"name": "binutils-gold-2.35-lp152.4.3.1.i586",
"product_id": "binutils-gold-2.35-lp152.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libctf-nobfd0-2.35-lp152.4.3.1.i586",
"product": {
"name": "libctf-nobfd0-2.35-lp152.4.3.1.i586",
"product_id": "libctf-nobfd0-2.35-lp152.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libctf0-2.35-lp152.4.3.1.i586",
"product": {
"name": "libctf0-2.35-lp152.4.3.1.i586",
"product_id": "libctf0-2.35-lp152.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-devel-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "binutils-devel-2.35-lp152.4.3.1.x86_64",
"product_id": "binutils-devel-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"product_id": "binutils-devel-32bit-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "binutils-gold-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "binutils-gold-2.35-lp152.4.3.1.x86_64",
"product_id": "binutils-gold-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-arm-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-avr-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-hppa-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-i386-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-ia64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-m68k-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-mips-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-ppc-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-rx-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-s390-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-s390x-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-sparc-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-spu-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"product_id": "cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"product_id": "libctf-nobfd0-2.35-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libctf0-2.35-lp152.4.3.1.x86_64",
"product": {
"name": "libctf0-2.35-lp152.4.3.1.x86_64",
"product_id": "libctf0-2.35-lp152.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-2.35-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586"
},
"product_reference": "binutils-2.35-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-2.35-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586"
},
"product_reference": "binutils-devel-2.35-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "binutils-devel-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-devel-32bit-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-gold-2.35-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586"
},
"product_reference": "binutils-gold-2.35-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "binutils-gold-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "binutils-gold-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-arm-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-avr-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-hppa-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-i386-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ia64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-m68k-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-mips-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-rx-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-s390-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-s390x-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-sparc-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-spu-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf-nobfd0-2.35-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586"
},
"product_reference": "libctf-nobfd0-2.35-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf-nobfd0-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf0-2.35-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586"
},
"product_reference": "libctf0-2.35-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libctf0-2.35-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
},
"product_reference": "libctf0-2.35-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12972"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \u0027\\0\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12972",
"url": "https://www.suse.com/security/cve/CVE-2019-12972"
},
{
"category": "external",
"summary": "SUSE Bug 1140126 for CVE-2019-12972",
"url": "https://bugzilla.suse.com/1140126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-12972"
},
{
"cve": "CVE-2019-14250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14250"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14250",
"url": "https://www.suse.com/security/cve/CVE-2019-14250"
},
{
"category": "external",
"summary": "SUSE Bug 1142649 for CVE-2019-14250",
"url": "https://bugzilla.suse.com/1142649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-14250"
},
{
"cve": "CVE-2019-14444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14444"
}
],
"notes": [
{
"category": "general",
"text": "apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14444",
"url": "https://www.suse.com/security/cve/CVE-2019-14444"
},
{
"category": "external",
"summary": "SUSE Bug 1143609 for CVE-2019-14444",
"url": "https://bugzilla.suse.com/1143609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "low"
}
],
"title": "CVE-2019-14444"
},
{
"cve": "CVE-2019-17450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17450"
}
],
"notes": [
{
"category": "general",
"text": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17450",
"url": "https://www.suse.com/security/cve/CVE-2019-17450"
},
{
"category": "external",
"summary": "SUSE Bug 1153770 for CVE-2019-17450",
"url": "https://bugzilla.suse.com/1153770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "low"
}
],
"title": "CVE-2019-17450"
},
{
"cve": "CVE-2019-17451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17451"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17451",
"url": "https://www.suse.com/security/cve/CVE-2019-17451"
},
{
"category": "external",
"summary": "SUSE Bug 1153768 for CVE-2019-17451",
"url": "https://bugzilla.suse.com/1153768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "low"
}
],
"title": "CVE-2019-17451"
},
{
"cve": "CVE-2019-9074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9074"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9074",
"url": "https://www.suse.com/security/cve/CVE-2019-9074"
},
{
"category": "external",
"summary": "SUSE Bug 1126831 for CVE-2019-9074",
"url": "https://bugzilla.suse.com/1126831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-9074"
},
{
"cve": "CVE-2019-9075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9075"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9075",
"url": "https://www.suse.com/security/cve/CVE-2019-9075"
},
{
"category": "external",
"summary": "SUSE Bug 1071544 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1071544"
},
{
"category": "external",
"summary": "SUSE Bug 1126829 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1126829"
},
{
"category": "external",
"summary": "SUSE Bug 1193110 for CVE-2019-9075",
"url": "https://bugzilla.suse.com/1193110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "low"
}
],
"title": "CVE-2019-9075"
},
{
"cve": "CVE-2019-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9077"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9077",
"url": "https://www.suse.com/security/cve/CVE-2019-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1126826 for CVE-2019-9077",
"url": "https://bugzilla.suse.com/1126826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-devel-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-devel-32bit-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:binutils-gold-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-aarch64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-arm-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-avr-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-epiphany-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-hppa64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-i386-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ia64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-m68k-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-mips-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-ppc64le-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-riscv64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-rx-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-s390x-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-sparc64-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-spu-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:cross-xtensa-binutils-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf-nobfd0-2.35-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libctf0-2.35-lp152.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T09:23:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-9077"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…