Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0341)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0341

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0341)

Zusammenfassung: The remote host is missing an update for the 'binutils' package(s) announced via the MGASA-2021-0341 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'binutils' package(s) announced via the MGASA-2021-0341 advisory.

Vulnerability Insight:
This update provides binutils 2.36.1 and fixes at least the following security
issues:

There's a flaw in the BFD library of binutils in versions before 2.36. An
attacker who supplies a crafted file to an application linked with BFD, and
using the DWARF functionality, could cause an impact to system availability
by way of excessive memory consumption (CVE-2021-3487).

There is an open race window when writing output in the following utilities
in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When
these utilities are run as a privileged user (presumably as part of a script
updating binaries across different users), an unprivileged user can trick
these utilities into getting ownership of arbitrary files through a symlink
(CVE-2021-20197).

For more info about the 2.36 update, see the sourceware link.

Affected Software/OS:
'binutils' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
3.3

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-20197
GLSA-202208-30
https://security.gentoo.org/glsa/202208-30
https://bugzilla.redhat.com/show_bug.cgi?id=1913743
https://security.netapp.com/advisory/ntap-20210528-0009/
https://sourceware.org/bugzilla/show_bug.cgi?id=26945
Common Vulnerability Exposure (CVE) ID: CVE-2021-3487

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0341
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0341)
Zusammenfassung:	The remote host is missing an update for the 'binutils' package(s) announced via the MGASA-2021-0341 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'binutils' package(s) announced via the MGASA-2021-0341 advisory. Vulnerability Insight: This update provides binutils 2.36.1 and fixes at least the following security issues: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption (CVE-2021-3487). There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink (CVE-2021-20197). For more info about the 2.36 update, see the sourceware link. Affected Software/OS: 'binutils' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 3.3 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-20197 GLSA-202208-30 https://security.gentoo.org/glsa/202208-30 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://security.netapp.com/advisory/ntap-20210528-0009/ https://sourceware.org/bugzilla/show_bug.cgi?id=26945 Common Vulnerability Exposure (CVE) ID: CVE-2021-3487
Copyright	Copyright (C) 2022 Greenbone AG