Test ID:	1.3.6.1.4.1.25623.1.1.4.2023.3825.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2023:3825-1)
Summary:	The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2023:3825-1 advisory.
Description:	Summary: The remote host is missing an update for the 'binutils' package(s) announced via the SUSE-SU-2023:3825-1 advisory. Vulnerability Insight: This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs = to relace any input file that matches with . In addition the option --remap-inputs-file= can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'binutils' package(s) on SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP Applications 15-SP2, SUSE Linux Enterprise Server for SAP Applications 15-SP3. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:A/AC:H/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-19726 https://sourceware.org/bugzilla/show_bug.cgi?id=26240 https://sourceware.org/bugzilla/show_bug.cgi?id=26241 Common Vulnerability Exposure (CVE) ID: CVE-2021-32256 https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070 Common Vulnerability Exposure (CVE) ID: CVE-2022-35205 https://sourceware.org/bugzilla/show_bug.cgi?id=29289 Common Vulnerability Exposure (CVE) ID: CVE-2022-35206 https://sourceware.org/bugzilla/show_bug.cgi?id=29290 Common Vulnerability Exposure (CVE) ID: CVE-2022-4285 https://security.gentoo.org/glsa/202309-15 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Common Vulnerability Exposure (CVE) ID: CVE-2022-44840 https://sourceware.org/bugzilla/show_bug.cgi?id=29732 Common Vulnerability Exposure (CVE) ID: CVE-2022-45703 https://sourceware.org/bugzilla/show_bug.cgi?id=29799 Common Vulnerability Exposure (CVE) ID: CVE-2022-47673 https://sourceware.org/bugzilla/show_bug.cgi?id=29876 Common Vulnerability Exposure (CVE) ID: CVE-2022-47695 https://sourceware.org/bugzilla/show_bug.cgi?id=29846 Common Vulnerability Exposure (CVE) ID: CVE-2022-47696 https://sourceware.org/bugzilla/show_bug.cgi?id=29677 Common Vulnerability Exposure (CVE) ID: CVE-2022-48063 https://sourceware.org/bugzilla/show_bug.cgi?id=29924 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Common Vulnerability Exposure (CVE) ID: CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931 Common Vulnerability Exposure (CVE) ID: CVE-2022-48065 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/ https://sourceware.org/bugzilla/show_bug.cgi?id=29925 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a Common Vulnerability Exposure (CVE) ID: CVE-2023-0687 https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo@yuriev.ru/ https://sourceware.org/bugzilla/show_bug.cgi?id=29444 https://vuldb.com/?ctiid.220246 https://vuldb.com/?id.220246 Common Vulnerability Exposure (CVE) ID: CVE-2023-1579 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11d171f1910b508a81d21faa087ad1af573407d8 https://sourceware.org/bugzilla/show_bug.cgi?id=29988 Common Vulnerability Exposure (CVE) ID: CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 Common Vulnerability Exposure (CVE) ID: CVE-2023-2222 Common Vulnerability Exposure (CVE) ID: CVE-2023-25585 RHBZ#2167498 https://bugzilla.redhat.com/show_bug.cgi?id=2167498 https://access.redhat.com/security/cve/CVE-2023-25585 https://sourceware.org/bugzilla/show_bug.cgi?id=29892 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 Common Vulnerability Exposure (CVE) ID: CVE-2023-25587 Common Vulnerability Exposure (CVE) ID: CVE-2023-25588 RHBZ#2167505 https://bugzilla.redhat.com/show_bug.cgi?id=2167505 https://access.redhat.com/security/cve/CVE-2023-25588 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.