СloudLinux Blog

CloudLinux OS 6 ELS: binutils package has been scheduled for gradual rollout

Written by Inessa Atmachian | Nov 25, 2021 7:38:40 PM

A new updated binutils package within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 2
Rolled out to: 0.1%
ETA for 100% rollout: December 8

Changelog

binutils-2.20.51.0.2-5.48.1.el6.tuxcare.els2

  • Fix global buffer overflow (of size 1) (CVE-2017-7223)
  • Fix invalid write (of size 1) while disassembling (CVE-2017-7224)
  • Fix NULL pointer dereference and an invalid write (CVE-2017-7225)
  • Fix heap-based buffer over-read of size 4049 (CVE-2017-7226)
  • Fix heap-based buffer overflow (CVE-2017-7227)
  • Fix invalid read (of size 8) in ELF reloc section (CVE-2017-7299)
  • Fix heap-based buffer over-read (off-by-one) (CVE-2017-7300)
  • Fix off-by-one vulnerability (CVE-2017-7301)
  • Fix invalid read (of size 4) (CVE-2017-7302)
  • Fix undefined behavior issue (CVE-2017-7614)
  • Fix global buffer over-read error (CVE-2017-8393)
  • Fix invalid read of size 4 due to NULL pointer dereferencing (CVE-2017-8394)
  • Fix invalid read of size 1 during dumping of debug information (CVE-2017-8398)
  • Fix memory leak vulnerability (CVE-2017-8421)
  • Fix buffer overflow (CVE-2017-9742)
  • Fix buffer overflow (CVE-2017-9744)
  • Fix buffer overflow (CVE-2017-9747)
  • Fix buffer overflow (CVE-2017-9748)
  • Fix buffer overflow (CVE-2017-9749)
  • Fix buffer overflow (CVE-2017-9753)
  • Fix buffer overflow (CVE-2017-9754)
  • Fix use after free (CVE-2017-12448)
  • Fix out of bounds heap read (CVE-2017-12449)
  • Fix out of bounds heap read (CVE-2017-12455)
  • Fix NULL dereference (CVE-2017-12457)
  • Fix out of bounds heap read (CVE-2017-12458)
  • Fix out of bounds heap write (CVE-2017-12459)
  • Fix out of bounds heap write (CVE-2017-12450)
  • Fix out of bounds heap read (CVE-2017-12452)
  • Fix out of bounds heap read (CVE-2017-12453)
  • Fix arbitrary memory read (CVE-2017-12454)
  • Fix out of bounds heap read (CVE-2017-12456)
  • Fix integer overflow, and hang because of a time-consuming loop (CVE-2017-14333)
  • Fix out of bounds stack read (CVE-2017-12451)
  • Fix buffer overflow (CVE-2017-12799)
  • Fix NULL pointer dereference (CVE-2017-13710)
  • Fix _bfd_elf_attr_strdup heap-based buffer over-read (CVE-2017-14130)
  • Fix infinite loop (CVE-2017-14932)
  • Fix excessive memory allocation (CVE-2017-14938)
  • Fix NULL pointer dereference (CVE-2017-14940)
  • Fix parse_die heap-based buffer over-read (CVE-2017-15020)
  • Fix bfd_hash_hash NULL pointer dereference (CVE-2017-15022)
  • Fix divide-by-zero error (CVE-2017-15225)
  • Fix find_abstract_instance_name invalid memory read, segmentation fault (CVE-2017-15938)
  • Fix NULL pointer dereference (CVE-2017-15939)
  • Fix buffer overflow on fuzzed archive header (CVE-2017-15996)
  • Fix invalid memory access (CVE-2017-16826)
  • Fix slurp_symtab invalid free (CVE-2017-16827)
  • Fix integer overflow and heap-based buffer over-read (CVE-2017-16828)
  • Fix integer overflow or excessive memory allocation (CVE-2017-16831)
  • Fix bfd_getl32 heap-based buffer over-read (CVE-2017-17080)
  • Fix invalid read of size 1 (CVE-2017-8396)
  • Fix memory access violation (CVE-2017-17121)
  • Fix NULL pointer dereference (CVE-2017-17123)
  • Fix excessive memory consumption or heap-based buffer overflow (CVE-2017-17124)
  • Fix buffer over-read (CVE-2017-17125)

Update command

yum update binutils*

Immediate update (via bypass)

yum update binutils* --enablerepo=cloudlinux-rollout-2-bypass
View full post