PowerKVM is affected by vulnerabilities in GNU binutils. IBM has now addressed these vulnerabilities.
CVEID: CVE-2018-13033 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an error in the _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c in GNU libiberty. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145673> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10535 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142629> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10534 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142630> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10373 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142402> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10372 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by heap-based buffer over-read in process_cu_tu_index in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142399> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-8945 DESCRIPTION: GNU Binutils libbfd is vulnerable to a denial of service, caused by an error in the bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a large attribute section, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140738> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7643 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the display_debug_ranges function in dwarf.c. By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139809> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7642 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by aout_32_swap_std_reloc_out NULL pointer dereference in the swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139810> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7208 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a flaw in the coff_pointerize_aux function in coffgen.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139203> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-7569 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer underflow or overflow in the read_attribute_value function in dwarf2.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with a corrupt DWARF FORM block, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139774> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7568 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by integer overflow in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139775> for the current score
CVSS Environmental Score*: Undefined
PowerKVM 3.1
Customers can update PowerKVM systems by using “yum update”.
Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.
none