Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1548)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2020.1548

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1548)

Resumen: The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2020-1548 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2020-1548 advisory.

Vulnerability Insight:
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.(CVE-2019-9076)

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.(CVE-2019-9074)

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.(CVE-2019-14250)

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.(CVE-2019-9071)

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.(CVE-2019-9070)

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.(CVE-2018-20657)

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.(CVE-2018-18483)

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.(CVE-2018-20002)

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.(CVE-2019-14444)

Affected Software/OS:
'binutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-9070
BugTraq ID: 107147
http://www.securityfocus.com/bid/107147
https://security.gentoo.org/glsa/202107-24
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
https://sourceware.org/bugzilla/show_bug.cgi?id=24229
https://usn.ubuntu.com/4326-1/
https://usn.ubuntu.com/4336-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9071
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
https://sourceware.org/bugzilla/show_bug.cgi?id=24227
Common Vulnerability Exposure (CVE) ID: CVE-2019-9074
https://sourceware.org/bugzilla/show_bug.cgi?id=24235
SuSE Security Announcement: openSUSE-SU-2020:1790 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html
SuSE Security Announcement: openSUSE-SU-2020:1804 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9076
https://sourceware.org/bugzilla/show_bug.cgi?id=24238

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2020.1548
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1548)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2020-1548 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2020-1548 advisory. Vulnerability Insight: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.(CVE-2019-9076) An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.(CVE-2019-9074) An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.(CVE-2019-14250) An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.(CVE-2019-9071) An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.(CVE-2019-9070) The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.(CVE-2018-20657) The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.(CVE-2018-18483) The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.(CVE-2018-20002) apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.(CVE-2019-14444) Affected Software/OS: 'binutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9070 BugTraq ID: 107147 http://www.securityfocus.com/bid/107147 https://security.gentoo.org/glsa/202107-24 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395 https://sourceware.org/bugzilla/show_bug.cgi?id=24229 https://usn.ubuntu.com/4326-1/ https://usn.ubuntu.com/4336-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9071 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394 https://sourceware.org/bugzilla/show_bug.cgi?id=24227 Common Vulnerability Exposure (CVE) ID: CVE-2019-9074 https://sourceware.org/bugzilla/show_bug.cgi?id=24235 SuSE Security Announcement: openSUSE-SU-2020:1790 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html SuSE Security Announcement: openSUSE-SU-2020:1804 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2019-9076 https://sourceware.org/bugzilla/show_bug.cgi?id=24238
Copyright	Copyright (C) 2020 Greenbone Networks GmbH