Rapid7 Vulnerability & Exploit Database

RHSA-2015:2079: binutils security, bug fix, and enhancement update


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 12/09/2014
Created: 07/25/2018
Added: 11/20/2015
Modified: 07/04/2017

Description

The binutils packages provide a set of binary utilities.

Multiple buffer overflow flaws were found in the libbfd library used by various binutils utilities. If a user were tricked into processing a specially crafted file with an application using the libbfd library, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8738)

An integer overflow flaw was found in the libbfd library used by various binutils utilities. If a user were tricked into processing a specially crafted file with an application using the libbfd library, it could cause the application to crash. (CVE-2014-8484)

A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities. (CVE-2014-8737)

This update fixes the following bugs:

The update adds these enhancements:

All binutils users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

Solution(s)

  • redhat-upgrade-binutils
  • redhat-upgrade-binutils-debuginfo
  • redhat-upgrade-binutils-devel
