ID

VAR-202103-0479

CVE

CVE-2021-20197

TITLE

GNU binutils  Link interpretation vulnerability in

DESCRIPTION

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. GNU binutils There is a link interpretation vulnerability in.Information may be obtained and information may be tampered with. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. An access control error vulnerability exists in GNU binutils that allows smart_rename() to bypass access restrictions, allowing an attacker to read or change data. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: binutils security update Advisory ID: RHSA-2021:4364-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4364 Issue date: 2021-11-09 CVE Names: CVE-2020-35448 CVE-2021-3487 CVE-2021-20197 CVE-2021-20284 ==================================================================== 1. Summary: An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487) * binutils: Race window allows users to own arbitrary files (CVE-2021-20197) * binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448) * binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1913743 - CVE-2021-20197 binutils: Race window allows users to own arbitrary files 1924068 - binutils debuginfo misses code for bfd functions 1930988 - Backport breaks building with LTO 1935785 - Linker garbage collection removes weak alias references (possibly "regression" of bz1804325) 1937784 - CVE-2021-20284 binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c 1946518 - binutils-2.30-98 are causing go binaries to crash due to segmentation fault on aarch64 1946977 - pthread_join segfaults in stack unwinding 1947111 - CVE-2021-3487 binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() 1950478 - CVE-2020-35448 binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c 1969775 - /usr/bin/ld: Dwarf Error: Offset (2487097600) greater than or equal to .debug_str size (571933). 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: binutils-debuginfo-2.30-108.el8.aarch64.rpm binutils-debugsource-2.30-108.el8.aarch64.rpm binutils-devel-2.30-108.el8.aarch64.rpm ppc64le: binutils-debuginfo-2.30-108.el8.ppc64le.rpm binutils-debugsource-2.30-108.el8.ppc64le.rpm binutils-devel-2.30-108.el8.ppc64le.rpm s390x: binutils-debuginfo-2.30-108.el8.s390x.rpm binutils-debugsource-2.30-108.el8.s390x.rpm binutils-devel-2.30-108.el8.s390x.rpm x86_64: binutils-debuginfo-2.30-108.el8.i686.rpm binutils-debuginfo-2.30-108.el8.x86_64.rpm binutils-debugsource-2.30-108.el8.i686.rpm binutils-debugsource-2.30-108.el8.x86_64.rpm binutils-devel-2.30-108.el8.i686.rpm binutils-devel-2.30-108.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: binutils-2.30-108.el8.src.rpm aarch64: binutils-2.30-108.el8.aarch64.rpm binutils-debuginfo-2.30-108.el8.aarch64.rpm binutils-debugsource-2.30-108.el8.aarch64.rpm ppc64le: binutils-2.30-108.el8.ppc64le.rpm binutils-debuginfo-2.30-108.el8.ppc64le.rpm binutils-debugsource-2.30-108.el8.ppc64le.rpm s390x: binutils-2.30-108.el8.s390x.rpm binutils-debuginfo-2.30-108.el8.s390x.rpm binutils-debugsource-2.30-108.el8.s390x.rpm x86_64: binutils-2.30-108.el8.x86_64.rpm binutils-debuginfo-2.30-108.el8.x86_64.rpm binutils-debugsource-2.30-108.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-35448 https://access.redhat.com/security/cve/CVE-2021-3487 https://access.redhat.com/security/cve/CVE-2021-20197 https://access.redhat.com/security/cve/CVE-2021-20284 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrcWdzjgjWX9erEAQgOuA//ddTY+J3xDL8Z+2Gi+qcbItkoW0B8nKrt hqWmx6c/KlhAtLnAbIh18N+1uPMAXGNZcKHtCJfFSIAP3B71jDBqA+CRqlhiapmg ze4qYNpUwBg0e2c/6w0V5GYhIXpdsyiKXTpjmnaxnzW61tiCCWFBZoWpzJjSId1X yR7vHjDaXT1CZl0fHS/5Y9NfK/7jjgkJv7U7wcUxEsy6bMQIzM0nMLZauVmIrsC0 vu1bhQifEJH1mnoykfnlRVSEe+qGMrEtnOCnos8GTGChmVt4bgogpb5oE4JFm+bs ufjpRwSC1X5XRv9aqTX/ixIFLCeFpZkYhFLUlZqYHNKRcRlcqz5MLFA6KYdTj9zt 2ygqd5o26ml7gVHyA+BGE/pzd5m9YTzNvrWbC/ZV6loHM1nHUIBW/Y+hneSWTCkH x1LCmTnYxyPz0ZjySbCy03SJPrRewe/xPlxJlCmqLfVh+hEvCHsSw9hnYC3+pvMB xIl5HNf34dc/lJsPXo65owsDNcTlKF7gfVG3eKjcNnu1Uh9LzCYG8PKMtougZgV3 mAviF8MhgWVLXJTo6BXtF605ivViFoyis0bFJCV6uihV+nfAesWVN3rnIeDMh2sV EA9zQyxzy2nQsDMJ4eLV5ckrl7YzGsJt+B9jwLXbGkpjQm+bCrds41k9gLjQEiHE Vm3qGf43D60+Ds -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU Binutils: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #778545, #792342, #829304 ID: 202208-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service. Background ========= The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-devel/binutils < 2.38 >= 2.38 2 sys-libs/binutils-libs < 2.38 >= 2.38 Description ========== Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Binutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38" All Binutils library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38" References ========= [ 1 ] CVE-2021-3487 https://nvd.nist.gov/vuln/detail/CVE-2021-3487 [ 2 ] CVE-2021-3530 https://nvd.nist.gov/vuln/detail/CVE-2021-3530 [ 3 ] CVE-2021-3549 https://nvd.nist.gov/vuln/detail/CVE-2021-3549 [ 4 ] CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 [ 5 ] CVE-2021-20284 https://nvd.nist.gov/vuln/detail/CVE-2021-20284 [ 6 ] CVE-2021-20294 https://nvd.nist.gov/vuln/detail/CVE-2021-20294 [ 7 ] CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-30 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

post link

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-23T19:28:36.106000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE