-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6227
                       Security update for binutils
                             30 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           binutils
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-38533 CVE-2022-38127 CVE-2022-38126
                   CVE-2022-27943 CVE-2021-46195 CVE-2021-45078
                   CVE-2021-3826 CVE-2021-3648 CVE-2021-3530
                   CVE-2019-1010204  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2022/suse-su-20224277-1

Comment: CVSS (Max):  6.6 CVE-2021-3826 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for binutils

______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:4277-1
Rating:            important
References:        #1142579 #1185597 #1185712 #1188374 #1191473 #1191908
                   #1193929 #1194783 #1197592 #1198237 #1198458 #1202816
                   #1202966 #1202967 #1202969
Cross-References:  CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826
                   CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126
                   CVE-2022-38127 CVE-2022-38533
Affected Products:
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP Applications 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves 10 vulnerabilities, contains 10 features and has 5 fixes
is now available.

Description:

This update for binutils fixes the following issues: The following security
bugs were fixed:

  o CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#
    1142579).
  o CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in
    rust-demangle.c (bsc#1185597).
  o CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#
    1188374).
  o CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function
    in d-demangle.c (bsc#1202969).
  o CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in
    stabs.c (bsc#1193929).
  o CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c
    (bsc#1194783).
  o CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
  o CVE-2022-38126: Fixed assertion fail in the display_debug_names() function
    in binutils/dwarf.c (bsc#1202966).
  o CVE-2022-38127: Fixed NULL pointer dereference in the
    read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
  o CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

  o SLE toolchain update of binutils, update to 2.39 from 2.37.
  o Update to 2.39: * The ELF linker will now generate a warning message if the
    stack is made executable. Similarly it will warn if the output binary
    contains a segment with all three of the read, write and execute permission
    bits set. These warnings are intended to help developers identify programs
    which might be vulnerable to attack via these executable memory regions.
    The warnings are enabled by default but can be disabled via a command line
    option. It is also possible to build a linker with the warnings disabled,
    should that be necessary. * The ELF linker now supports a
    --package-metadata option that allows embedding a JSON payload in
    accordance to the Package Metadata specification. * In linker scripts it is
    now possible to use TYPE= in an output section description to set the
    section type value. * The objdump program now supports coloured/colored
    syntax highlighting of its disassembler output for some architectures.
    (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a
    --no-weak/-W option to make it ignore weak symbols. * The readelf and
    objdump programs now support a -wE option to prevent them from attempting
    to access debuginfod servers when following links. * The objcopy program's
    --weaken, --weaken-symbol, and --weaken-symbols options now works with
    unique symbols as well.


  o Update to 2.38: * elfedit: Add --output-abiversion option to update
    ABIVERSION. * Add support for the LoongArch instruction set. * Tools which
    display symbols or strings (readelf, strings, nm, objdump) have a new
    command line option which controls how unicode characters are handled. By
    default they are treated as normal for the tool. Using --unicode=locale
    will display them according to the current locale. Using --unicode=hex will
    display them as hex byte values, whilst --unicode=escape will display them
    as escape sequences. In addition using --unicode=highlight will display
    them as unicode escape sequences highlighted in red (if supported by the
    output device). * readelf -r dumps RELR relative relocations now. * Support
    for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added
    to objcopy in order to enable UEFI development using binutils (bsc#
    1198458). * ar: Add --thin for creating thin archives. -T is a deprecated
    alias without diagnostics. In many ar implementations -T has a different
    meaning, as specified by X/Open System Interface. * Add support for AArch64
    system registers that were missing in previous releases. * Add support for
    the LoongArch instruction set. * Add a command-line option,
    -muse-unaligned-vector-move, for x86 target to encode aligned vector move
    as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add
    support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support
    for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME)
    for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option
    tells the assembler what to when it encoutners multibyte characters in the
    input. The default is to allow them. Setting the option to "warn" will
    generate a warning message whenever any multibyte character is encountered.
    Using the option to "warn-sym-only" will make the assembler generate a
    warning whenever a symbol is defined containing multibyte characters.
    (References to undefined symbols will not generate warnings). * Outputs of
    .ds.x directive and .tfloat directive with hex input from x86 assembler
    have been reduced from 12 bytes to 10 bytes to match the output of .tfloat
    directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a',
    'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for
    'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
    'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16
    instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to
    x86 ELF linker to pack relative relocations in the DT_RELR section. * Add
    support for the LoongArch architecture. * Add -z indirect-extern-access/-z
    noindirect-extern-access to x86 ELF linker to control canonical function
    pointers and copy relocation. * Add --max-cache-size=SIZE to set the the
    maximum cache size to SIZE bytes.


  o Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#
    1191908).
  o Explicitly enable --enable-warn-execstack=yes and
    --enable-warn-rwx-segments=yes.
  o Add gprofng subpackage.
  o Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
  o Add back fix for bsc#1191473, which got lost in the update to 2.38.
  o Install symlinks for all target specific tools on arm-eabi-none (bsc#
    1185712).
  o Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4277=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4277=1
  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4277=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4277=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4277=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4277=1
  o SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4277=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4277=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE OpenStack Cloud 9 (x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
    s390x x86_64):
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       binutils-gold-2.39-9.50.1
       binutils-gold-debuginfo-2.39-9.50.1
       cross-ppc-binutils-2.39-9.50.1
       cross-ppc-binutils-debuginfo-2.39-9.50.1
       cross-ppc-binutils-debugsource-2.39-9.50.1
       cross-spu-binutils-2.39-9.50.1
       cross-spu-binutils-debuginfo-2.39-9.50.1
       cross-spu-binutils-debugsource-2.39-9.50.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       binutils-2.39-9.50.1
       binutils-debuginfo-2.39-9.50.1
       binutils-debugsource-2.39-9.50.1
       binutils-devel-2.39-9.50.1
       libctf-nobfd0-2.39-9.50.1
       libctf-nobfd0-debuginfo-2.39-9.50.1
       libctf0-2.39-9.50.1
       libctf0-debuginfo-2.39-9.50.1


References:

  o https://www.suse.com/security/cve/CVE-2019-1010204.html
  o https://www.suse.com/security/cve/CVE-2021-3530.html
  o https://www.suse.com/security/cve/CVE-2021-3648.html
  o https://www.suse.com/security/cve/CVE-2021-3826.html
  o https://www.suse.com/security/cve/CVE-2021-45078.html
  o https://www.suse.com/security/cve/CVE-2021-46195.html
  o https://www.suse.com/security/cve/CVE-2022-27943.html
  o https://www.suse.com/security/cve/CVE-2022-38126.html
  o https://www.suse.com/security/cve/CVE-2022-38127.html
  o https://www.suse.com/security/cve/CVE-2022-38533.html
  o https://bugzilla.suse.com/1142579
  o https://bugzilla.suse.com/1185597
  o https://bugzilla.suse.com/1185712
  o https://bugzilla.suse.com/1188374
  o https://bugzilla.suse.com/1191473
  o https://bugzilla.suse.com/1191908
  o https://bugzilla.suse.com/1193929
  o https://bugzilla.suse.com/1194783
  o https://bugzilla.suse.com/1197592
  o https://bugzilla.suse.com/1198237
  o https://bugzilla.suse.com/1198458
  o https://bugzilla.suse.com/1202816
  o https://bugzilla.suse.com/1202966
  o https://bugzilla.suse.com/1202967
  o https://bugzilla.suse.com/1202969

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY4bGn8kNZI30y1K9AQgBPw/+LwIhF1jMoeifmGleagc93D/OZujbK8y+
1jElsmxWPb2qer4yxcvEgkqK3ObhFJw37DDEVQ7eYKGrzOxWnsEmctYgDCnz7q2s
Uhdww677PW/VNcH03A41Yp6s1jT7A6/SZ9dASYB3GandAEtn+Ti9i5G6O/T9G/wH
ZykUzO0d4XYzou54iXlff2qEcTQSqkgzk+Z9/2QsGoRdHaMzQqa+dVSdzyfnxVsl
zdVs8X/f0rDC0hcWPohCq10rGGE871iQEs0PoXRta6ZExHPkf5h2QdePzPeadOdn
xwf3IddpeD7D/LNl3pHvnbU/yAGrtEY63+UPUb3b/t1+swm4jpt9RzFJZveML6US
a2N23dY4gE7KkUULCQho0t3Aq5fKOKafLXv05C4zMpNSuWOKG2qRK2W39Dwaaydb
B3SSFzVGd0V3GB+VPCFVk5NrqTnUCOHRS1BnboNrA/F4eDGpZRsRJRKM2FUJgev4
rDN7N/5AcHrGQSbyuKNrZYVqG//AbiE0FLZvfsuZRZdQFlAPjcMouIbWtqKFZiPF
6rRVZkis7GDTVd4lUu99J2WXF5PvTvMigg5/k1FGh3UlAaJEUR3kAjcOduSGy+wq
RTGTOjejkyt8Faq3EWDYkEy0OYMx3xWhyx5nNZ+u0ctxz/Pe26M0tl/FO/5rKw/k
6aMA48dkPgs=
=E8Wd
-----END PGP SIGNATURE-----