Vulmon
Amazon Linux 2 Security Advisory: ALAS-2024-2401
Advisory Release Date: 2024-01-03 21:04 Pacific
Advisory Updated Date: 2024-01-09 17:51 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. (CVE-2020-19724)
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. (CVE-2021-46174)
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. (CVE-2022-35205)
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47007)
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47008)
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47010)
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. (CVE-2022-48064)
Potential heap based buffer overflow found in _bfd_elf_slurp_version_tables() in bfd/elf.c. (CVE-2023-1972)
Affected Packages:
binutils
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
"Run yum update binutils to update your system.
"
aarch64:
binutils-2.29.1-31.amzn2.0.1.aarch64
binutils-devel-2.29.1-31.amzn2.0.1.aarch64
binutils-debuginfo-2.29.1-31.amzn2.0.1.aarch64
i686:
binutils-2.29.1-31.amzn2.0.1.i686
binutils-devel-2.29.1-31.amzn2.0.1.i686
binutils-debuginfo-2.29.1-31.amzn2.0.1.i686
src:
binutils-2.29.1-31.amzn2.0.1.src
x86_64:
binutils-2.29.1-31.amzn2.0.1.x86_64
binutils-devel-2.29.1-31.amzn2.0.1.x86_64
binutils-debuginfo-2.29.1-31.amzn2.0.1.x86_64