Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-5341-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.12.2022.5341.1

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-5341-1)

Summary: The remote host is missing an update for the 'binutils' package(s) announced via the USN-5341-1 advisory.

Description: Summary:
The remote host is missing an update for the 'binutils' package(s) announced via the USN-5341-1 advisory.

Vulnerability Insight:
It was discovered that GNU binutils incorrectly handled checks for memory
allocation when parsing relocs in a corrupt file. An attacker could possibly
use this issue to cause a denial of service. (CVE-2017-17122)

It was discovered that GNU binutils incorrectly handled certain corrupt DWARF
debug sections. An attacker could possibly use this issue to cause GNU
binutils to consume memory, resulting in a denial of service. (CVE-2021-3487)

It was discovered that GNU binutils incorrectly performed bounds checking
operations when parsing stabs debugging information. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2021-45078)

Affected Software/OS:
'binutils' package(s) on Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-17122
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22508
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
Common Vulnerability Exposure (CVE) ID: CVE-2021-3487
Common Vulnerability Exposure (CVE) ID: CVE-2021-45078
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/
https://security.gentoo.org/glsa/202208-30
https://sourceware.org/bugzilla/show_bug.cgi?id=28694
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5341.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5341-1)
Summary:	The remote host is missing an update for the 'binutils' package(s) announced via the USN-5341-1 advisory.
Description:	Summary: The remote host is missing an update for the 'binutils' package(s) announced via the USN-5341-1 advisory. Vulnerability Insight: It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-17122) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-45078) Affected Software/OS: 'binutils' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17122 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22508 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f Common Vulnerability Exposure (CVE) ID: CVE-2021-3487 Common Vulnerability Exposure (CVE) ID: CVE-2021-45078 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/ https://security.gentoo.org/glsa/202208-30 https://sourceware.org/bugzilla/show_bug.cgi?id=28694 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
Copyright	Copyright (C) 2022 Greenbone AG