RHSA-2018:3032 - Security Advisory

Issued: 2018-10-30
Updated: 2018-10-30

Synopsis

Low: binutils security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Topic

An update for binutils is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

  • binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)
  • binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)
  • binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)
  • binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)
  • binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)
  • binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)
  • binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)
  • binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)
  • binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)
  • binutils: NULL pointer dereference in elf.c (CVE-2018-10535)
  • binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1439351 - [LLNL 7.5 FEAT] RFE create an option to permanently link in audit library into an executable (binutils)
  • BZ - 1546622 - CVE-2018-7208 binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file
  • BZ - 1551771 - CVE-2018-7568 binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
  • BZ - 1551778 - CVE-2018-7569 binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
  • BZ - 1553115 - CVE-2018-7642 binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash
  • BZ - 1553119 - CVE-2018-7643 binutils: Integer overflow in the display_debug_ranges function resulting in crash
  • BZ - 1553842 - Unresolvable `R_X86_64_NONE` relocation
  • BZ - 1557346 - collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
  • BZ - 1560827 - CVE-2018-8945 binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
  • BZ - 1573356 - CVE-2018-10372 binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file
  • BZ - 1573365 - CVE-2018-10373 binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file
  • BZ - 1573872 - ld should allow "lea foo@GOT, %ecx"
  • BZ - 1574696 - CVE-2018-10534 binutils: out of bounds memory write in peXXigen.c files
  • BZ - 1574697 - CVE-2018-10535 binutils: NULL pointer dereference in elf.c
  • BZ - 1597436 - CVE-2018-13033 binutils: Uncontrolled Resource Consumption in execution of nm

CVEs

  • CVE-2018-7208
  • CVE-2018-7568
  • CVE-2018-7569
  • CVE-2018-7642
  • CVE-2018-7643
  • CVE-2018-8945
  • CVE-2018-10372
  • CVE-2018-10373
  • CVE-2018-10534
  • CVE-2018-10535
  • CVE-2018-13033

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
x86_64
binutils-2.27-34.base.el7.x86_64.rpm SHA-256: 4ac0df588892b5cdea280487201f34ed9da337f4092b5e5e3ce74f53e3485451
binutils-debuginfo-2.27-34.base.el7.i686.rpm SHA-256: 3c928fa34b0d7cf25e561c284de796c18181d9058a7d95d47c04f24f53683747
binutils-debuginfo-2.27-34.base.el7.x86_64.rpm SHA-256: 746650e5032f13a5c102720942550c93dc59fc599b69297c96ce575f0c4e6921
binutils-devel-2.27-34.base.el7.i686.rpm SHA-256: 341d0c362ad4d3fafff81b7ca40e2f945cdff3bffb089eb5e7aa7e80863a2909
binutils-devel-2.27-34.base.el7.x86_64.rpm SHA-256: 7383b0b4e0e9849dc9965338808ea1bdcdf63443bea3009a77bb838e7442a090

Red Hat Enterprise Linux Workstation 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
x86_64
binutils-2.27-34.base.el7.x86_64.rpm SHA-256: 4ac0df588892b5cdea280487201f34ed9da337f4092b5e5e3ce74f53e3485451
binutils-debuginfo-2.27-34.base.el7.i686.rpm SHA-256: 3c928fa34b0d7cf25e561c284de796c18181d9058a7d95d47c04f24f53683747
binutils-debuginfo-2.27-34.base.el7.x86_64.rpm SHA-256: 746650e5032f13a5c102720942550c93dc59fc599b69297c96ce575f0c4e6921
binutils-devel-2.27-34.base.el7.i686.rpm SHA-256: 341d0c362ad4d3fafff81b7ca40e2f945cdff3bffb089eb5e7aa7e80863a2909
binutils-devel-2.27-34.base.el7.x86_64.rpm SHA-256: 7383b0b4e0e9849dc9965338808ea1bdcdf63443bea3009a77bb838e7442a090

Red Hat Enterprise Linux Desktop 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
x86_64
binutils-2.27-34.base.el7.x86_64.rpm SHA-256: 4ac0df588892b5cdea280487201f34ed9da337f4092b5e5e3ce74f53e3485451
binutils-debuginfo-2.27-34.base.el7.i686.rpm SHA-256: 3c928fa34b0d7cf25e561c284de796c18181d9058a7d95d47c04f24f53683747
binutils-debuginfo-2.27-34.base.el7.x86_64.rpm SHA-256: 746650e5032f13a5c102720942550c93dc59fc599b69297c96ce575f0c4e6921
binutils-devel-2.27-34.base.el7.i686.rpm SHA-256: 341d0c362ad4d3fafff81b7ca40e2f945cdff3bffb089eb5e7aa7e80863a2909
binutils-devel-2.27-34.base.el7.x86_64.rpm SHA-256: 7383b0b4e0e9849dc9965338808ea1bdcdf63443bea3009a77bb838e7442a090

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
s390x
binutils-2.27-34.base.el7.s390x.rpm SHA-256: 13590b8fc9aa7a501e83f765382a5fe56a241e18cc1660c1bc423f9887aea470
binutils-debuginfo-2.27-34.base.el7.s390.rpm SHA-256: 8915a0ed72275c9c878e4ad4d97c1480c7fcc937a13fc46ee85c98a98ccc91aa
binutils-debuginfo-2.27-34.base.el7.s390x.rpm SHA-256: b472d4289e7f94b289f64c032c1d36810cf18925269d3e67fcf1319558c49257
binutils-devel-2.27-34.base.el7.s390.rpm SHA-256: 3dddc6b4025e39a011b3c8867de02207d94d33f0da1f387377835b291fdcc212
binutils-devel-2.27-34.base.el7.s390x.rpm SHA-256: e8a27bd88a458ecca20fe9bc332dd857ba2ca9d43962d030dceb550031653157

Red Hat Enterprise Linux for Power, big endian 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
ppc64
binutils-2.27-34.base.el7.ppc64.rpm SHA-256: 44a3717e4365ce2eda5264f2f7764753ec18efee8c7354b1a156eb3d1c1c23b5
binutils-debuginfo-2.27-34.base.el7.ppc.rpm SHA-256: 9fc69c626ccae19e035435d7e65e1a1400e24396eb2e9699adae737262273f34
binutils-debuginfo-2.27-34.base.el7.ppc64.rpm SHA-256: 6c061097b1bdbdfd5583a979014200e22501f2820ba6ba2ca4b1489472d1c225
binutils-devel-2.27-34.base.el7.ppc.rpm SHA-256: 6ccc44ec7a27af6ed9bcc4c4e347b730a128a99bc62ee7b94fbcc3e92a1be277
binutils-devel-2.27-34.base.el7.ppc64.rpm SHA-256: 8c5769611d66c03fab98ce3496d72fd85c17ceb1b585abe6372d77c348c63667

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
x86_64
binutils-2.27-34.base.el7.x86_64.rpm SHA-256: 4ac0df588892b5cdea280487201f34ed9da337f4092b5e5e3ce74f53e3485451
binutils-debuginfo-2.27-34.base.el7.i686.rpm SHA-256: 3c928fa34b0d7cf25e561c284de796c18181d9058a7d95d47c04f24f53683747
binutils-debuginfo-2.27-34.base.el7.x86_64.rpm SHA-256: 746650e5032f13a5c102720942550c93dc59fc599b69297c96ce575f0c4e6921
binutils-devel-2.27-34.base.el7.i686.rpm SHA-256: 341d0c362ad4d3fafff81b7ca40e2f945cdff3bffb089eb5e7aa7e80863a2909
binutils-devel-2.27-34.base.el7.x86_64.rpm SHA-256: 7383b0b4e0e9849dc9965338808ea1bdcdf63443bea3009a77bb838e7442a090

Red Hat Enterprise Linux for Power, little endian 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
ppc64le
binutils-2.27-34.base.el7.ppc64le.rpm SHA-256: fff10490e39bdb18185c6c280a7969fcdd4cfad3dd8c4ecf7f304eba654228f7
binutils-debuginfo-2.27-34.base.el7.ppc64le.rpm SHA-256: c30c06d1847b9ce095b3fe7b8a1140616dbcf0f4d55f6242ab9bed47a4e04692
binutils-devel-2.27-34.base.el7.ppc64le.rpm SHA-256: 5ff33e59ed9706a9de396ad84226037e34a336c540918cb4bb8b6b26ddebe555

Red Hat Enterprise Linux for ARM 64 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
aarch64
binutils-2.27-34.base.el7.aarch64.rpm SHA-256: f210ed85aacb251b16ffd4e6b3a3ca97f6d9bf9f1a556ef4a5dc0c6f76169814
binutils-debuginfo-2.27-34.base.el7.aarch64.rpm SHA-256: 97edef22a3d991d3e97193f4b56e3f07fb717b3336b81dc1e8923fd56b8e44df
binutils-devel-2.27-34.base.el7.aarch64.rpm SHA-256: defbde364e5a0385b6cc9ae3f7aab85218899352c6a9ed6a88daf480a7257d67

Red Hat Enterprise Linux for Power 9 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
ppc64le
binutils-2.27-34.base.el7.ppc64le.rpm SHA-256: fff10490e39bdb18185c6c280a7969fcdd4cfad3dd8c4ecf7f304eba654228f7
binutils-debuginfo-2.27-34.base.el7.ppc64le.rpm SHA-256: c30c06d1847b9ce095b3fe7b8a1140616dbcf0f4d55f6242ab9bed47a4e04692
binutils-devel-2.27-34.base.el7.ppc64le.rpm SHA-256: 5ff33e59ed9706a9de396ad84226037e34a336c540918cb4bb8b6b26ddebe555

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
binutils-2.27-34.base.el7.src.rpm SHA-256: b38bcca3d53b8a6758695918a4bb2b2a6b3073dea03511a5fca80fd751934bab
s390x
binutils-2.27-34.base.el7.s390x.rpm SHA-256: 13590b8fc9aa7a501e83f765382a5fe56a241e18cc1660c1bc423f9887aea470
binutils-debuginfo-2.27-34.base.el7.s390.rpm SHA-256: 8915a0ed72275c9c878e4ad4d97c1480c7fcc937a13fc46ee85c98a98ccc91aa
binutils-debuginfo-2.27-34.base.el7.s390x.rpm SHA-256: b472d4289e7f94b289f64c032c1d36810cf18925269d3e67fcf1319558c49257
binutils-devel-2.27-34.base.el7.s390.rpm SHA-256: 3dddc6b4025e39a011b3c8867de02207d94d33f0da1f387377835b291fdcc212
binutils-devel-2.27-34.base.el7.s390x.rpm SHA-256: e8a27bd88a458ecca20fe9bc332dd857ba2ca9d43962d030dceb550031653157

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
