SUSE has issued an advisory today (November 21): https://lists.suse.com/pipermail/sle-security-updates/2022-November/013047.html
Whiteboard: (none) => MGA8TOOBlocks: (none) => 29820
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/37K3U3Y6AORU7MSIEFUTQDJVFCIIC2B4/
Fedora has issued an advisory on January 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KR2QVMWPG65ADZNESANZ2ZCVKKIOXB3J/ The issue is fixed upstream in 2.40 (gdb may also be affected).
CC: (none) => tmbSummary: binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-27943 CVE-2022-3812[67] => binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67]
Fedora has issued an advisory on March 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ISGOHU4UHYPN2BYVXLXBJH5IVDC3EIOW/ It fixes one additional issue (CVE-2023-25587) and according to the RedHat bug, there may be more (CVE-2023-25584, CVE-2023-25585, CVE-2023-25588).
Summary: binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] => binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-25587
Fedora has issued an advisory on April 1: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7QO6DMWFYQDCGFLUQ4K7MW4Q323U4UU5/ It fixes one additional issue (CVE-2023-1579).
Summary: binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-25587 => binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-1579 CVE-2023-25587
Fedora has issued an advisory on April 22: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PDUJK5SPEJYUN5GYBGTJJLXMBBFLY5NE/ It fixes one additional issue (CVE-2023-1972).
Summary: binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-1579 CVE-2023-25587 => binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-1579 CVE-2023-1972 CVE-2023-25587
(In reply to David Walser from comment #2) > Fedora has issued an advisory on January 12: > https://lists.fedoraproject.org/archives/list/package-announce@lists. > fedoraproject.org/thread/KR2QVMWPG65ADZNESANZ2ZCVKKIOXB3J/ > > The issue is fixed upstream in 2.40 (gdb may also be affected). RedHat has issued an advisory for CVE-2022-4285 on May 16: https://access.redhat.com/errata/RHSA-2023:2873
CVE-2023-2558[458]: https://ubuntu.com/security/notices/USN-6101-1
Summary: binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-1579 CVE-2023-1972 CVE-2023-25587 => binutils new security issues CVE-2021-3530 CVE-2021-3648 CVE-2021-46195 CVE-2022-4285 CVE-2022-27943 CVE-2022-3812[67] CVE-2023-1579 CVE-2023-1972 CVE-2023-2558[4578]
CVE-2021-3530 fixed since 2.38, commit: commit f10f8617a302f45dae721eae0cd659911f03d864 Author: Nick Clifton <nickc@redhat.com> Date: Mon Jan 31 14:36:31 2022 +0000 CVE-2021-3648 rejected as its a duplicate for CVE-2021-3530 CVE-2021-46195 is also reference to fix for CVE-2021-3530 CVE-2022-4285 fixed in Cauldron since upstream: commit 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Author: Nick Clifton <nickc@redhat.com> Date: Wed Oct 19 15:09:12 2022 +0100 CVE-2022-27943 fixed in Cauldron since upstream: commit d8efadbdd94772562fed8fba9ce553587a62550f Author: Nick Clifton <nickc@redhat.com> Date: Mon Jul 4 13:57:12 2022 +0100 CVE-2022-3812[67] rejected, no security issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38126 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38127 CVE-2023-1579 fixed in Cauldron 2.40 since upstream: commit 3e307d538c351aa9327cbad672c884059ecc20dd Author: Nick Clifton <nickc@redhat.com> Date: Wed Jan 11 12:13:46 2023 +0000 CVE-2023-25584 fixed in Cauldron 2.40 since: commit 77c225bdeb410cf60da804879ad41622f5f1aa44 Author: Alan Modra <amodra@gmail.com> Date: Mon Dec 12 18:28:49 2022 +1030 CVE-2023-25585 fixed in Cauldron 2.40 since: commit 65cf035b8dc1df5d8020e0b1449514a3c42933e7 Author: Alan Modra <amodra@gmail.com> Date: Mon Dec 12 19:01:08 2022 +1030 CVE-2023-25587 rejected, no security issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25587 CVE-2023-25588 fixed in Cauldron 2.40 since: commit d12f8998d2d086f0a6606589e5aedb7147e6f2f1 Author: Alan Modra <amodra@gmail.com> Date: Fri Oct 14 10:30:21 2022 +1030 and finally, CVE-2023-1972 fixed in cauldron in: binutils-2.40-11.mga9 just submitted.
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
Mageia 8 EOL
Resolution: (none) => OLDCC: (none) => nicolas.salgueroStatus: NEW => RESOLVED