Lucene search

K

Gentoo FoundationGLSA-202309-15

HistorySep 30, 2023 - 12:00 a.m.

GNU Binutils: Multiple Vulnerabilities

2023-09-3000:00:00

Gentoo Foundation

security.gentoo.org

28

gnu binutils

vulnerabilities

upgrade

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.1%

Background

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

Description

Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All GNU Binutils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.40"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-devel/binutils< 2.40UNKNOWN

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.1%

Related for GLSA-202309-15

nessus52 openvas31 redos2 osv19 ubuntucve6 redhatcve6 cvelist6 veracode6 cve5 cbl_mariner10 nvd5 debiancve5 alpinelinux5 cgr4 wolfi4 ubuntu3 prion2 cloudfoundry2 photon1 fedora10 redhat5 almalinux4 ibm1 rocky1 oraclelinux4