Bugzilla – Full Text Bug Listing |
Summary: | VUL-0: CVE-2022-48063: binutils: excessive memory consumption in load_separate_debug_files() in dwarf.c | ||
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
Component: | Incidents | Assignee: | Security Team bot <security-team> |
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | ||
Priority: | P3 - Medium | CC: | security-team |
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Other | ||
URL: | https://smash.suse.de/issue/376057/ | ||
Whiteboard: | |||
Found By: | Security Response Team | Services Priority: | |
Business Priority: | Blocker: | --- | |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Robert Frohl
2023-08-25 12:41:49 UTC
I will again refer to Nick in redhats bugzilla: ----------- The SECURITY.txt file in the upstream GNU Binutils sources makes it clear that bugs in inspectio tools like objdump and readelf should not be considered to be security issues and hence do not qualify as a CVE. I also fail to see how this bug could be used a part of a DNS attack, since invoking an inspection tool like objdump is not part of any normal service. ----------- So, WONTFIX, or alternatively will be fixed later this month with version update. SUSE-SU-2023:3695-1: An update that solves 20 vulnerabilities, contains two features and has three security fixes can now be installed. Category: security (important) Bug References: 1200962, 1206080, 1206556, 1208037, 1208038, 1208040, 1208409, 1209642, 1210297, 1210733, 1213282, 1213458, 1214565, 1214567, 1214579, 1214580, 1214604, 1214611, 1214619, 1214620, 1214623, 1214624, 1214625 CVE References: CVE-2020-19726, CVE-2021-32256, CVE-2022-35205, CVE-2022-35206, CVE-2022-4285, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588 Jira References: PED-1435, PED-5778 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): binutils-2.41-9.53.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5 (src): binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): binutils-2.41-9.53.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3825-1: An update that solves 20 vulnerabilities, contains one feature and has two security fixes can now be installed. Category: security (important) Bug References: 1200962, 1206080, 1206556, 1208037, 1208038, 1208040, 1208409, 1209642, 1210297, 1210733, 1213458, 1214565, 1214567, 1214579, 1214580, 1214604, 1214611, 1214619, 1214620, 1214623, 1214624, 1214625 CVE References: CVE-2020-19726, CVE-2021-32256, CVE-2022-35205, CVE-2022-35206, CVE-2022-4285, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-0687, CVE-2023-1579, CVE-2023-1972, CVE-2023-2222, CVE-2023-25585, CVE-2023-25587, CVE-2023-25588 Jira References: PED-5778 Sources used: openSUSE Leap 15.5 (src): cross-s390x-binutils-2.41-150100.7.46.1, cross-ia64-binutils-2.41-150100.7.46.1, cross-m68k-binutils-2.41-150100.7.46.1, cross-avr-binutils-2.41-150100.7.46.1, cross-hppa-binutils-2.41-150100.7.46.1, cross-sparc64-binutils-2.41-150100.7.46.1, cross-i386-binutils-2.41-150100.7.46.1, cross-xtensa-binutils-2.41-150100.7.46.1, cross-ppc-binutils-2.41-150100.7.46.1, cross-ppc64le-binutils-2.41-150100.7.46.1, cross-epiphany-binutils-2.41-150100.7.46.1, cross-riscv64-binutils-2.41-150100.7.46.1, cross-aarch64-binutils-2.41-150100.7.46.1, cross-hppa64-binutils-2.41-150100.7.46.1, cross-rx-binutils-2.41-150100.7.46.1, cross-ppc64-binutils-2.41-150100.7.46.1, cross-x86_64-binutils-2.41-150100.7.46.1, cross-spu-binutils-2.41-150100.7.46.1, cross-arm-binutils-2.41-150100.7.46.1, binutils-2.41-150100.7.46.1, cross-s390-binutils-2.41-150100.7.46.1, cross-sparc-binutils-2.41-150100.7.46.1, cross-mips-binutils-2.41-150100.7.46.1 Basesystem Module 15-SP4 (src): binutils-2.41-150100.7.46.1 Basesystem Module 15-SP5 (src): binutils-2.41-150100.7.46.1 Development Tools Module 15-SP4 (src): binutils-2.41-150100.7.46.1 Development Tools Module 15-SP5 (src): binutils-2.41-150100.7.46.1 SUSE Package Hub 15 15-SP4 (src): binutils-2.41-150100.7.46.1 SUSE Package Hub 15 15-SP5 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): binutils-2.41-150100.7.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): binutils-2.41-150100.7.46.1 SUSE Manager Proxy 4.2 (src): binutils-2.41-150100.7.46.1 SUSE Manager Retail Branch Server 4.2 (src): binutils-2.41-150100.7.46.1 SUSE Manager Server 4.2 (src): binutils-2.41-150100.7.46.1 SUSE Enterprise Storage 7.1 (src): binutils-2.41-150100.7.46.1 SUSE CaaS Platform 4.0 (src): binutils-2.41-150100.7.46.1 openSUSE Leap 15.4 (src): binutils-2.41-150100.7.46.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. done, closing |