Security update for binutils SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3695-1 Final 1 1 2023-09-20T07:32:42Z current 2023-09-20T07:32:42Z 2023-09-20T07:32:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for binutils This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with <FILE>. In addition the option --remap-inputs-file=<FILE> can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - Fixed a compatibility problem caused by binutils-revert-rela.diff in SLE codestreams. Needed for update of glibc as that would otherwise pick up the broken relative relocs support. [bsc#1213282, jsc#PED-1435] - Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). - Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms - add arm32 avoid copyreloc patch for PR16177 (bsc#1200962) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2023-3695,Image SLES12-SP5-Azure-SAP-BYOS-2023-3695,SUSE-2023-3695,SUSE-SLE-SDK-12-SP5-2023-3695,SUSE-SLE-SERVER-12-SP5-2023-3695 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ Link for SUSE-SU-2023:3695-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016227.html E-Mail link for SUSE-SU-2023:3695-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200962 SUSE Bug 1200962 https://bugzilla.suse.com/1206080 SUSE Bug 1206080 https://bugzilla.suse.com/1206556 SUSE Bug 1206556 https://bugzilla.suse.com/1208037 SUSE Bug 1208037 https://bugzilla.suse.com/1208038 SUSE Bug 1208038 https://bugzilla.suse.com/1208040 SUSE Bug 1208040 https://bugzilla.suse.com/1208409 SUSE Bug 1208409 https://bugzilla.suse.com/1209642 SUSE Bug 1209642 https://bugzilla.suse.com/1210297 SUSE Bug 1210297 https://bugzilla.suse.com/1210733 SUSE Bug 1210733 https://bugzilla.suse.com/1213282 SUSE Bug 1213282 https://bugzilla.suse.com/1213458 SUSE Bug 1213458 https://bugzilla.suse.com/1214565 SUSE Bug 1214565 https://bugzilla.suse.com/1214567 SUSE Bug 1214567 https://bugzilla.suse.com/1214579 SUSE Bug 1214579 https://bugzilla.suse.com/1214580 SUSE Bug 1214580 https://bugzilla.suse.com/1214604 SUSE Bug 1214604 https://bugzilla.suse.com/1214611 SUSE Bug 1214611 https://bugzilla.suse.com/1214619 SUSE Bug 1214619 https://bugzilla.suse.com/1214620 SUSE Bug 1214620 https://bugzilla.suse.com/1214623 SUSE Bug 1214623 https://bugzilla.suse.com/1214624 SUSE Bug 1214624 https://bugzilla.suse.com/1214625 SUSE Bug 1214625 https://www.suse.com/security/cve/CVE-2020-19726/ SUSE CVE CVE-2020-19726 page https://www.suse.com/security/cve/CVE-2021-32256/ SUSE CVE CVE-2021-32256 page https://www.suse.com/security/cve/CVE-2022-35205/ SUSE CVE CVE-2022-35205 page https://www.suse.com/security/cve/CVE-2022-35206/ SUSE CVE CVE-2022-35206 page https://www.suse.com/security/cve/CVE-2022-4285/ SUSE CVE CVE-2022-4285 page https://www.suse.com/security/cve/CVE-2022-44840/ SUSE CVE CVE-2022-44840 page https://www.suse.com/security/cve/CVE-2022-45703/ SUSE CVE CVE-2022-45703 page https://www.suse.com/security/cve/CVE-2022-47673/ SUSE CVE CVE-2022-47673 page https://www.suse.com/security/cve/CVE-2022-47695/ SUSE CVE CVE-2022-47695 page https://www.suse.com/security/cve/CVE-2022-47696/ SUSE CVE CVE-2022-47696 page https://www.suse.com/security/cve/CVE-2022-48063/ SUSE CVE CVE-2022-48063 page https://www.suse.com/security/cve/CVE-2022-48064/ SUSE CVE CVE-2022-48064 page https://www.suse.com/security/cve/CVE-2022-48065/ SUSE CVE CVE-2022-48065 page https://www.suse.com/security/cve/CVE-2023-0687/ SUSE CVE CVE-2023-0687 page https://www.suse.com/security/cve/CVE-2023-1579/ SUSE CVE CVE-2023-1579 page https://www.suse.com/security/cve/CVE-2023-1972/ SUSE CVE CVE-2023-1972 page https://www.suse.com/security/cve/CVE-2023-2222/ SUSE CVE CVE-2023-2222 page https://www.suse.com/security/cve/CVE-2023-25585/ SUSE CVE CVE-2023-25585 page https://www.suse.com/security/cve/CVE-2023-25587/ SUSE CVE CVE-2023-25587 page https://www.suse.com/security/cve/CVE-2023-25588/ SUSE CVE CVE-2023-25588 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-SAP-BYOS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 binutils-2.41-9.53.1 libctf-nobfd0-2.41-9.53.1 libctf0-2.41-9.53.1 binutils-devel-2.41-9.53.1 binutils-devel-32bit-2.41-9.53.1 binutils-devel-64bit-2.41-9.53.1 binutils-gold-2.41-9.53.1 cross-aarch64-binutils-2.41-9.53.1 cross-arm-binutils-2.41-9.53.1 cross-avr-binutils-2.41-9.53.1 cross-hppa-binutils-2.41-9.53.1 cross-hppa64-binutils-2.41-9.53.1 cross-i386-binutils-2.41-9.53.1 cross-ia64-binutils-2.41-9.53.1 cross-m68k-binutils-2.41-9.53.1 cross-mips-binutils-2.41-9.53.1 cross-ppc-binutils-2.41-9.53.1 cross-ppc64-binutils-2.41-9.53.1 cross-ppc64le-binutils-2.41-9.53.1 cross-s390-binutils-2.41-9.53.1 cross-s390x-binutils-2.41-9.53.1 cross-sparc-binutils-2.41-9.53.1 cross-sparc64-binutils-2.41-9.53.1 cross-spu-binutils-2.41-9.53.1 cross-x86_64-binutils-2.41-9.53.1 binutils-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-BYOS libctf-nobfd0-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-BYOS libctf0-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-BYOS binutils-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libctf-nobfd0-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libctf0-2.41-9.53.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS binutils-2.41-9.53.1 as a component of SUSE Linux Enterprise Server 12 SP5 binutils-devel-2.41-9.53.1 as a component of SUSE Linux Enterprise Server 12 SP5 libctf-nobfd0-2.41-9.53.1 as a component of SUSE Linux Enterprise Server 12 SP5 libctf0-2.41-9.53.1 as a component of SUSE Linux Enterprise Server 12 SP5 binutils-2.41-9.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 binutils-devel-2.41-9.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libctf-nobfd0-2.41-9.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libctf0-2.41-9.53.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 binutils-devel-2.41-9.53.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 binutils-gold-2.41-9.53.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. CVE-2020-19726 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2020-19726.html CVE-2020-19726 https://bugzilla.suse.com/1214565 SUSE Bug 1214565 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. CVE-2021-32256 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2021-32256.html CVE-2021-32256 https://bugzilla.suse.com/1213458 SUSE Bug 1213458 An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. CVE-2022-35205 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-35205.html CVE-2022-35205 https://bugzilla.suse.com/1214579 SUSE Bug 1214579 Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. CVE-2022-35206 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-35206.html CVE-2022-35206 https://bugzilla.suse.com/1214567 SUSE Bug 1214567 An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-4285.html CVE-2022-4285 https://bugzilla.suse.com/1206080 SUSE Bug 1206080 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. CVE-2022-44840 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-44840.html CVE-2022-44840 https://bugzilla.suse.com/1214580 SUSE Bug 1214580 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. CVE-2022-45703 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-45703.html CVE-2022-45703 https://bugzilla.suse.com/1214604 SUSE Bug 1214604 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. CVE-2022-47673 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-47673.html CVE-2022-47673 https://bugzilla.suse.com/1214625 SUSE Bug 1214625 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. CVE-2022-47695 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-47695.html CVE-2022-47695 https://bugzilla.suse.com/1214624 SUSE Bug 1214624 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. CVE-2022-47696 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-47696.html CVE-2022-47696 https://bugzilla.suse.com/1214623 SUSE Bug 1214623 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48063 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-48063.html CVE-2022-48063 https://bugzilla.suse.com/1214620 SUSE Bug 1214620 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48064 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-48064.html CVE-2022-48064 https://bugzilla.suse.com/1214619 SUSE Bug 1214619 GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. CVE-2022-48065 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2022-48065.html CVE-2022-48065 https://bugzilla.suse.com/1214611 SUSE Bug 1214611 ** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. CVE-2023-0687 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-0687.html CVE-2023-0687 https://bugzilla.suse.com/1207975 SUSE Bug 1207975 Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. CVE-2023-1579 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-1579.html CVE-2023-1579 https://bugzilla.suse.com/1209642 SUSE Bug 1209642 https://bugzilla.suse.com/1213676 SUSE Bug 1213676 A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. CVE-2023-1972 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-1972.html CVE-2023-1972 https://bugzilla.suse.com/1210297 SUSE Bug 1210297 ** REJECT ** This was deemed not a security vulnerability by upstream. CVE-2023-2222 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-2222.html CVE-2023-2222 https://bugzilla.suse.com/1210733 SUSE Bug 1210733 A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. CVE-2023-25585 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-25585.html CVE-2023-25585 https://bugzilla.suse.com/1208040 SUSE Bug 1208040 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2023-25587 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-25587.html CVE-2023-25587 https://bugzilla.suse.com/1208038 SUSE Bug 1208038 A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. CVE-2023-25588 Image SLES12-SP5-Azure-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-BYOS:libctf0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:binutils-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf-nobfd0-2.41-9.53.1 Image SLES12-SP5-Azure-SAP-BYOS:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf-nobfd0-2.41-9.53.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libctf0-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-devel-2.41-9.53.1 SUSE Linux Enterprise Software Development Kit 12 SP5:binutils-gold-2.41-9.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/ https://www.suse.com/security/cve/CVE-2023-25588.html CVE-2023-25588 https://bugzilla.suse.com/1208037 SUSE Bug 1208037