The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of binutils: buffer overflow via process_mips_specific

Synthesis of the vulnerability 

An attacker can trigger a buffer overflow via process_mips_specific() of binutils, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, openSUSE Leap, Solaris, SLES, Ubuntu.
Severity of this bulletin: 1/4.
Creation date: 27/05/2019.
References of this threat: CVE-2019-9077, K00056379, openSUSE-SU-2020:1790-1, openSUSE-SU-2020:1804-1, SUSE-SU-2020:3060-1, SUSE-SU-2020:3552-1, USN-4336-1, VIGILANCE-VUL-29415.

Description of the vulnerability 

An attacker can trigger a buffer overflow via process_mips_specific() of binutils, in order to trigger a denial of service, and possibly to run code.

This vulnerability impacts software or systems such as BIG-IP Hardware, TMOS, openSUSE Leap, Solaris, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this security announcement is low.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

F5 BIG-IP: solution for CVE-2019-9077.
Ultimately, BIG-IP is not vulnerable.

openSUSE Leap 15: new binutils packages.
New packages are available:
  openSUSE Leap 15.1: binutils 2.35-lp151.3.9.1
  openSUSE Leap 15.2: binutils 2.35-lp152.4.3.1

Oracle Solaris: patch for third party software of January 2020 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 15 RTM: new binutils packages.
New packages are available:
  SUSE LE 15 RTM: binutils 2.35.1-6.15.1

SUSE LE 15 SP1-2: new binutils packages.
New packages are available:
  SUSE LE 15 SP1: binutils 2.35-7.11.1
  SUSE LE 15 SP2: binutils 2.35-7.11.1

Ubuntu 18.04 LTS: new binutils packages.
New packages are available:
  Ubuntu 18.04 LTS: binutils 2.30-21ubuntu1~18.04.3, binutils-multiarch 2.30-21ubuntu1~18.04.3