Advisories » MGASA-2021-0011

Updated binutils packages fix security vulnerabilities

Publication date: 08 Jan 2021
Modification date: 08 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-16598 , CVE-2020-16592

Description

It was discovered that mingw-binutils and binutils suffered from two
vulnerabilites which might lead to DoS.

Null Pointer Dereference in debug_get_real_type could result in DoS
(CVE-2020-16598).

Use-after-free in bfd_hash_lookup could result in DoS (CVE-2020-16592).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27954
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DJIW6KKY2TSLD43XEZXG56WREIIBUIIQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16598
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16592

SRPMS

7/core

• binutils-2.33.1-1.1.mga7
• mingw-binutils-2.30-3.1.mga7
• cross-binutils-2.31.1-1.1.mga7