Synopsis:          Low: binutils security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:3032-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-7208
                   CVE-2018-7568
                   CVE-2018-7569
                   CVE-2018-7642
                   CVE-2018-7643
                   CVE-2018-8945
                   CVE-2018-10372
                   CVE-2018-10373
                   CVE-2018-10534
                   CVE-2018-10535
                   CVE-2018-13033
--

Security Fix(es):

* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux()
allows for denial of service when parsing a crafted COFF file
(CVE-2018-7208)

* binutils: integer overflow via an ELF file with corrupt dwarf1 debug
information in libbfd library (CVE-2018-7568)

* binutils: integer underflow or overflow via an ELF file with a corrupt
DWARF FORM block in libbfd library (CVE-2018-7569)

* binutils: NULL pointer dereference in swap_std_reloc_in function in
aoutx.h resulting in crash (CVE-2018-7642)

* binutils: Integer overflow in the display_debug_ranges function
resulting in crash (CVE-2018-7643)

* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
(CVE-2018-8945)

* binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index()
allows for denial of service via crafted file (CVE-2018-10372)

* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows
for denial of service via crafted file (CVE-2018-10373)

* binutils: out of bounds memory write in peXXigen.c files
(CVE-2018-10534)

* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)

* binutils: Uncontrolled Resource Consumption in execution of nm
(CVE-2018-13033)
--

SL7
  x86_64
    binutils-2.27-34.base.el7.x86_64.rpm
    binutils-debuginfo-2.27-34.base.el7.x86_64.rpm
    binutils-debuginfo-2.27-34.base.el7.i686.rpm
    binutils-devel-2.27-34.base.el7.i686.rpm
    binutils-devel-2.27-34.base.el7.x86_64.rpm

- Scientific Linux Development Team