ELSA-2025-20155-0

Опубликовано: 25 нояб. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2025-20155-0: binutils security update (MODERATE)

[2.41-58.0.1]

Forward-port Oracle patches to 2.41-58.
Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com Oracle history: August-29-2025 Bruce McCulloch bruce.mcculloch@oracle.com - 2.41-57.0.1
- Forward-port Oracle patches to 2.41-57. Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com Jun-04-2025 Bruce McCulloch bruce.mcculloch@oracle.com - 2.41-53.0.3
- Add binutils-orabug-38018827.patch.
  - Fix ctf_dict_open clobbering errno.
  - Backport of upstream commit:
    - 14303d6295e libctf: archive, open: when opening, always set errp to something.
  - [Orabug: 38018827]
- Add binutils-orabug-38018828.patch.
  - In kernel links, properly hide CTF types only if conflicting.
  - Backport of upstream commits:
    - 75e514cfa56 Revert 'libctf: fix linking of non-root-visible types'
    - 002957be18e libctf: dedup: improve hiding of conflicting types in the same dict
  - [Orabug: 38018828] Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com Reviewed-by: Nick Alcock nick.alcock@oracle.com Reviewed-by: Elena Zannoni elena.zannoni@oracle.com May-28-2025 Vladimir Mezentsev vladimir.mezentsev@oracle.com - 2.41-53.0.2
- Backported updates for gprofng. Reviewed-by: Bruce McCulloch bruce.mcculloch@oracle.com April-02-2025 Bruce McCulloch bruce.mcculloch@oracle.com - 2.41-53.0.1
- Merge Oracle patches to 2.41-53. Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com November-28-2024 Nick Alcock nick.alcock@oracle.com - 2.41-45.0.1
- Latest CTF changes from upstream
  - add ctf_dict_set_flag, ctf_lookup_enumerator, ctf_lookup_enumerator_next, ctf_arc_lookup_enumerator_next; consider enums with differing enumerators to be conflicting
- add documentation to ctf-api.h
- allow modification of ctf_opened dicts and opening of foreign- endian older dicts
- looking up types by name prefers non-bitfields if possible
- bugfixes to parent propagation, rewriting of existing dicts, ctf_archive_count, CU-mapped links, and dumping and linking of non-root-visible types.
- fix a bunch of small leaks and one big one (on ctf_open error)
- fix a write into freed memory after ctf_rollback and writeout
- internal improvements to serialization, name lookup, symbol lookup, string handling, and more
- explicitly disable zstd support (enabling requires addition of zstd to the .so scripts)

[2.41-58]

Remove workaround for CVE-2025-5702. (RHEL-100159)

[2.41-57]

Add fix for CVE-2025-5244. (RHEL-100417)
USe correct fix for CVE-2025-5702. (RHEL-100159)

[2.41-56]

Add basic support for RISC-V 64-bit EFI objects. (RHEL-88815)

[2.41-55]

Adds z17 as a cpu name for the s390x architecture. (RHEL-87215)

[2.41-54]

Fix BuildRequires for non-gold architectures. (RHEL-85855)
Fix RISC-V ld testsuite failures (thanks Nick Clifton). (RHEL-85855)

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

binutils-devel

2.41-58.0.1.el10

binutils

2.41-58.0.1.el10

binutils-gold

2.41-58.0.1.el10

Oracle Linux x86_64

binutils

2.41-58.0.1.el10

binutils-gold

2.41-58.0.1.el10

binutils-devel

2.41-58.0.1.el10

Связанные CVE

CVE-2025-5244

Ссылки на источники

Связанные уязвимости

CVE-2025-5244

CVSS3: 5.3

ubuntu

8 месяцев назад

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.