-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: devtoolset-12-binutils security update Advisory ID: RHSA-2023:3269-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2023:3269 Issue date: 2023-05-23 CVE Names: CVE-2021-3826 CVE-2022-4285 ===================================================================== 1. Summary: An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for RHEL Workstation(v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Software Collections for RHEL(v. 7) - x86_64 3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285) * libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2122627 - CVE-2021-3826 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c 2150768 - CVE-2022-4285 binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault 6. Package List: Red Hat Software Collections for RHEL Workstation(v. 7): Source: devtoolset-12-binutils-2.36.1-6.el7.src.rpm ppc64: devtoolset-12-binutils-2.36.1-6.el7.ppc64.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64.rpm ppc64le: devtoolset-12-binutils-2.36.1-6.el7.ppc64le.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.ppc64le.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.ppc64le.rpm s390x: devtoolset-12-binutils-2.36.1-6.el7.s390x.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.s390x.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.s390x.rpm x86_64: devtoolset-12-binutils-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm Red Hat Software Collections for RHEL(v. 7): Source: devtoolset-12-binutils-2.36.1-6.el7.src.rpm x86_64: devtoolset-12-binutils-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-2.36.1-6.el7.x86_64.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-debuginfo-2.36.1-6.el7.x86_64.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.i686.rpm devtoolset-12-binutils-devel-2.36.1-6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3826 https://access.redhat.com/security/cve/CVE-2022-4285 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZG4WvtzjgjWX9erEAQhf7RAAjkveLrq99DD50RNZ7r0G09tRyHVaqzzD O0lQArdMb/A8oS5NCAkZMRHLq+9f37hocX5+qMIeKhFrdRIOGU57QtODviC2sSyk FC7bHDMQMtIRtcO9QhnQI8qfPF4STjgfAYX8ZP8svV4hGMoYe3C5ubb5ZdOhf2oK 18nn3BOAh1P+Autk9pLMYP1vEA2t8snjLgzoI65vvSNWc94/4VtX4vNonNcZxh0b en6PQ7Ep3vbZd80tSPD7s+M25ZGo3/g6vdm0QIumTiir8qVdvHWVhVOOt6LH1duw GAMQAp3N8nBIqsCB3Vs5cQDM/6+zqxy3R2GFJMoljb/lVRlBbCe1zXf4udV+K+EU p1De2RtK+NO/0WKFSHGdRVPe5Ub43kQVvyHCaTMzGeFsiGQcO+dH4jIcJcNbNX6K n1XG3Niq7Yts+dNaJ6iUQM+a9w4jn0DYW+lxiCf1k7DhAt1svdM8oNHTtRT3ftJW s5+78TtvbaO4emziyTCM0Yv0D+e/fCUcMOJYwC3Uib2qCzUEThHXpNEKZIAA2J5V iUO0QuqGitIn5dV2AoOpNLHYMNKIdbuvkOqpLGulkHS1Logw4i+xr48BLkMROQuM AwCv/Y9p4gW3eMka2vDw/WD/RreVCaaiZWERE4eQ4rP67G+SnJu54qloKhe30fMK n5SNwgUXhwE= =yGX5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce