Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBBA5D232547229693AF0B026B382F747BA13ED8715552A4AA7F0C2767B751092
HistoryDec 17, 2018 - 2:20 p.m.

Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM

2018-12-1714:20:01
www.ibm.com
20

0.01 Low

EPSS

Percentile

83.3%

JSON

Summary

PowerKVM is affected by vulnerabilities in GNU binutils. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-13033 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an error in the _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c in GNU libiberty. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145673&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10535 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142629&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10534 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142630&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10373 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142402&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10372 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by heap-based buffer over-read in process_cu_tu_index in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142399&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-8945 DESCRIPTION: GNU Binutils libbfd is vulnerable to a denial of service, caused by an error in the bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a large attribute section, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140738&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7643 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the display_debug_ranges function in dwarf.c. By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139809&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7642 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by aout_32_swap_std_reloc_out NULL pointer dereference in the swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139810&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7208 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a flaw in the coff_pointerize_aux function in coffgen.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139203&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-7569 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer underflow or overflow in the read_attribute_value function in dwarf2.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with a corrupt DWARF FORM block, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139774&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7568 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by integer overflow in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139775&gt; for the current score
CVSS Environmental Score*: Undefined

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

nessus 45
redhat 1
centos 1
oraclelinux 1
openvas 21
amazon 1
photon 7
f5 3
suse 4
ubuntucve 11
ibm 3
gentoo 2
cvelist 11
cve 12
redhatcve 12
debiancve 11
osv 11
prion 11
nvd 12
veracode 11
cloudlinux 2
alpinelinux 6
nessus
nessus
Scientific Linux Security Update : binutils on SL7.x x86_64 (20181030)
2018-11-27 00:00:00
Oracle Linux 7 : binutils (ELSA-2018-3032)
2018-11-07 00:00:00
CentOS 7 : binutils (CESA-2018:3032)
2018-11-16 00:00:00
redhat
redhat
(RHSA-2018:3032) Low: binutils security, bug fix, and enhancement update
2018-10-30 04:11:05
centos
centos
binutils security update
2018-11-15 18:43:31
oraclelinux
oraclelinux
binutils security, bug fix, and enhancement update
2018-11-05 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1377)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)
2020-01-23 00:00:00
amazon
amazon
Low: binutils
2019-01-07 21:47:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0064
2018-06-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0154
2018-06-28 00:00:00
Critical Photon OS Security Update - PHSA-2018-0064
2018-06-29 00:00:00
f5
f5
K72122162 : Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373
2018-07-23 00:00:00
K20503360 : Binutils vulnerability CVE-2018-13033
2018-07-23 00:00:00
K62553631 : Binutils vulnerabilities CVE-2018-7570, CVE-2018-9996, and CVE-2018-10372
2018-07-23 00:00:00
suse
suse
Security update for binutils (moderate)
2018-10-23 15:22:34
Security update for binutils (moderate)
2019-11-05 00:00:00
Security update for binutils (moderate)
2019-10-30 00:00:00
ubuntucve
ubuntucve
CVE-2018-13033
2018-07-01 00:00:00
CVE-2018-10372
2018-04-25 00:00:00
CVE-2018-10534
2018-04-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in GNU binutils affect IBM Netezza Analytics
2019-10-18 03:36:34
Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local
2019-12-20 14:31:33
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
2019-10-18 03:36:34
gentoo
gentoo
Binutils: Multiple vulnerabilities
2019-08-03 00:00:00
Binutils: Multiple vulnerabilities
2018-11-27 00:00:00
cvelist
cvelist
CVE-2018-13033
2018-07-01 16:00:00
CVE-2018-10372
2018-04-25 09:00:00
CVE-2018-10534
2018-04-29 15:00:00
cve
cve
CVE-2018-10534
2018-04-29 15:29:00
CVE-2018-10373
2018-04-25 09:29:00
CVE-2018-10372
2018-04-25 09:29:00
redhatcve
redhatcve
CVE-2018-10372
2019-12-23 21:25:49
CVE-2018-10534
2018-05-03 21:18:35
CVE-2018-10373
2020-03-31 07:58:57
debiancve
debiancve
CVE-2018-10534
2018-04-29 15:29:00
CVE-2018-10372
2018-04-25 09:29:00
CVE-2018-10535
2018-04-29 15:29:00
osv
osv
CVE-2018-10373
2018-04-25 09:29:00
CVE-2018-10372
2018-04-25 09:29:00
CVE-2018-7569
2018-02-28 21:29:00
prion
prion
Null pointer dereference
2018-04-25 09:29:00
Heap overflow
2018-04-25 09:29:00
Null pointer dereference
2018-04-29 15:29:00
nvd
nvd
CVE-2018-10373
2018-04-25 09:29:00
CVE-2018-7569
2018-02-28 21:29:00
CVE-2018-10535
2018-04-29 15:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:54:32
Denial Of Service (DoS)
2019-05-16 03:54:32
Denial Of Service (DoS)
2019-01-15 09:26:33
cloudlinux
cloudlinux
Fix of 36 CVEs
2021-12-27 16:08:07
Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489
2021-12-16 16:02:14
alpinelinux
alpinelinux
CVE-2018-7569
2018-02-28 21:29:00
CVE-2018-7568
2018-02-28 21:29:00
CVE-2018-7642
2018-03-02 15:29:00

0.01 Low

EPSS

Percentile

83.3%

JSON
Related for BBA5D232547229693AF0B026B382F747BA13ED8715552A4AA7F0C2767B751092
nessus45redhat1centos1oraclelinux1openvas21amazon1photon7f53suse4ubuntucve11ibm3gentoo2cvelist11cve12redhatcve12debiancve11osv11prion11nvd12veracode11cloudlinux2alpinelinux6