
Test ID: 1.3.6.1.4.1.25623.1.0.122749
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2015-2079)
Summary: The remote host is missing an update for the 'binutils' package(s) announced via the ELSA-2015-2079 advisory.
Description:

Vulnerability Insight:
[2.23.52.0.1-55]
- Add missing delta to patch that fixes parsing corrupted archives.
(#1162666)

[2.23.52.0.1-54]
- Import patch for PR 18270: Create AArch64 GOT entries for local symbols.
(#1238783)

[2.23.52.0.1-51]
- Fix incorrectly generated binaries and DSOs on PPC platforms.
(#1247126)

[2.23.52.0.1-50]
- Fix memory corruption parsing corrupt archives.
(#1162666)

[2.23.52.0.1-49]
- Fix directory traversal vulnerability.
(#1162655)

[2.23.52.0.1-48]
- Fix stack overflow in SREC parser.
(#1162621)

[2.23.52.0.1-47]
- Fix stack overflow whilst parsing a corrupt iHex file.
(#1162607)

[2.23.52.0.1-46]
- Fix out of bounds memory accesses when parsing corrupt PE binaries.
(#1162594, #1162570)

[2.23.52.0.1-45]
- Change strings program to default to -a. Fix problems parsing
files containing corrupt ELF group sections. (#1157276)

[2.23.52.0.1-44]
- Avoid reading beyond function boundary when disassembling.
(#1060282)

- For binary output, we don't have an ELF bfd output so can't access
elf_elfheader. (#1226864)

[2.23.52.0.1-43]
- Don't discard stap probe note sections on aarch64 (#1225091)

[2.23.52.0.1-42]
- Clamp maxpagesize at 1 (rather than 0) to avoid segfaults
in the linker when passed a bogus max-page-size argument.
(#1203449)

[2.23.52.0.1-41]
- Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent
uninitialized accesses elsewhere. (#1172766)

[2.23.52.0.1-40]
- Minor testsuite adjustments for PPC changes in -38/-39.
(#1183838)
- Fix md_assemble for PPC to handle arithmetic involving the TOC
better. (#1183838)

[2.23.52.0.1-39]
- Fix ppc64: segv in libbfd (#1172766).

[2.23.52.0.1-38]
- Unconditionally apply ppc64le patches (#1183838).

[2.23.52.0.1-37]
- Andreas's backport of z13 and dependent fixes for s390,
including testcase fix from Apr 27, 2015. (#1182153)

[2.23.52.0.1-35]
- Fixup testsuite for AArch64 (#1182111)
- Add support for @localentry for LE PPC64 (#1194164)

[2.23.52.0.1-34]
- Do not install windmc(1) man page (#850832)

[2.23.52.0.1-33]
- Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE
(#872148)
- Enable relro by default for arm and aarch64 (#1203449)
- Backport 3 RELRO improvements for ppc64/ppc64le from upstream
(#1175624)

[2.23.52.0.1-31]
- Backport upstream RELRO fixes. (#1200138)

Affected Software/OS:
'binutils' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-8484
BugTraq ID: 70714
http://www.securityfocus.com/bid/70714
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
https://security.gentoo.org/glsa/201612-24
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
http://openwall.com/lists/oss-security/2014/10/23/5
http://www.openwall.com/lists/oss-security/2014/10/26/2
http://secunia.com/advisories/62241
http://secunia.com/advisories/62746
http://www.ubuntu.com/usn/USN-2496-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8485
BugTraq ID: 70741
http://www.securityfocus.com/bid/70741
http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-8501
BugTraq ID: 70866
http://www.securityfocus.com/bid/70866
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html
http://www.openwall.com/lists/oss-security/2014/10/26/3
http://www.openwall.com/lists/oss-security/2014/10/31/1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8502
BugTraq ID: 70869
http://www.securityfocus.com/bid/70869
Common Vulnerability Exposure (CVE) ID: CVE-2014-8503
BugTraq ID: 70868
http://www.securityfocus.com/bid/70868
Common Vulnerability Exposure (CVE) ID: CVE-2014-8504
BugTraq ID: 70761
http://www.securityfocus.com/bid/70761
http://www.openwall.com/lists/oss-security/2014/10/27/4
http://www.openwall.com/lists/oss-security/2014/10/27/5
Common Vulnerability Exposure (CVE) ID: CVE-2014-8737
BugTraq ID: 70908
http://www.securityfocus.com/bid/70908
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html
http://www.openwall.com/lists/oss-security/2014/11/13/1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8738
BugTraq ID: 71083
http://www.securityfocus.com/bid/71083
Debian Security Information: DSA-3123
http://www.debian.org/security/2015/dsa-3123
http://www.openwall.com/lists/oss-security/2014/11/02/4
http://www.openwall.com/lists/oss-security/2014/11/05/7
http://www.openwall.com/lists/oss-security/2014/11/13/2
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.