Overview

File _patchinfo of Package patchinfo.41432

<patchinfo incident="41432">
  <issue tracker="bnc" id="1243756">VUL-0: CVE-2025-5244: binutils: absence of check may lead to memory corruption</issue>
  <issue tracker="bnc" id="1251795">VUL-0: CVE-2025-11495: binutils: manipulation of the Linker component in function elf_x86_64_relocate_section may lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1236999">VUL-0: CVE-2025-1176: binutils, gdb: heap-based buffer overflow via _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld</issue>
  <issue tracker="bnc" id="1251794">VUL-0: CVE-2025-11494: binutils: manipulation of the Linker component in function _bfd_x86_elf_late_size_sections may lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1236977">VUL-0: CVE-2025-1149: binutils, gdb: memory leak via  function xstrdup of the file libiberty/xmalloc.c of the component ld</issue>
  <issue tracker="bnc" id="1246486">VUL-0: CVE-2025-7546: binutils: input manipulation may lead to an out-of-bound write in elf</issue>
  <issue tracker="bnc" id="1246481">VUL-0: CVE-2025-7545: binutils: input manipulation may lead to an out-of-bound read in objcopy</issue>
  <issue tracker="bnc" id="1243760">VUL-0: CVE-2025-5245: binutils: pointers manipulation may lead to memory corruption</issue>
  <issue tracker="bnc" id="1237018">VUL-0: CVE-2025-1178: binutils, gdb: memory corruption via function bfd_putl64 of the file libbfd.c of the component ld</issue>
  <issue tracker="bnc" id="1237000">VUL-0: CVE-2025-1153: binutils, gdb: memory corruption via function bfd_set_format of the file format.c</issue>
  <issue tracker="bnc" id="1250632">VUL-0: CVE-2025-11083: binutils: Heap-based buffer overflow in elf_swap_shdr function</issue>
  <issue tracker="bnc" id="1240870">VUL-0: CVE-2025-3198: binutils: objdump bucomm.c display_info memory leak</issue>
  <issue tracker="bnc" id="1241916">GCC 15 - binutils package doesn't build</issue>
  <issue tracker="bnc" id="1237020">VUL-0: CVE-2025-1180: binutils,gdb: memory corruption via function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld</issue>
  <issue tracker="bnc" id="1236978">VUL-0: CVE-2025-1148: binutils,gdb: memory leak via function link_order_scan of the file ld/ldelfgen.c of the component ld</issue>
  <issue tracker="bnc" id="1247105">Binutils "s390: Add support for z17 as CPU name"</issue>
  <issue tracker="bnc" id="1237005">VUL-0: CVE-2025-1150: binutils,gdb: memory leak via function bfd_malloc of the file libbfd.c of the component ld</issue>
  <issue tracker="bnc" id="1237001">VUL-0: CVE-2025-1152: binutils,gdb: memory leak via function xstrdup of the file xstrdup.c of the component ld</issue>
  <issue tracker="bnc" id="1251276">VUL-0: CVE-2025-11413: binutils: manipulation of the Linker component in function elf_link_add_object_symbols may lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1237003">VUL-0: CVE-2025-1151: binutils,gdb: memory leak via unction xmemdup of the file xmemdup.c of the component ld</issue>
  <issue tracker="bnc" id="1237021">VUL-0: CVE-2025-1179: binutils,gdb: memory corruption via function bfd_putl64 of the file bfd/libbfd.c of the component ld</issue>
  <issue tracker="bnc" id="1251277">VUL-0: CVE-2025-11414: binutils: manipulation of the Linker component in function get_link_hash_entry may lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1237019">VUL-0: CVE-2025-1181: binutils,gdb: memory corruption via function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld</issue>
  <issue tracker="bnc" id="1236976">VUL-0: CVE-2025-1147: binutils,gdb: buffer overflow via __sanitizer::internal_strlen of the file binutils/nm.c of the component nm</issue>
  <issue tracker="bnc" id="1251275">VUL-0: CVE-2025-11412: binutils: manipulation of the Linker component may lead to out-of-bounds read</issue>
  <issue tracker="bnc" id="1040589">bash/gcc/gzip/python differ between builds because of profiling</issue>
  <issue tracker="bnc" id="1247117">VUL-0: CVE-2025-8225: binutils: memory leak in function process_debug_info of file binutils/dwarf.c</issue>
  <issue tracker="bnc" id="1247114">VUL-0: CVE-2025-8224: binutils: NULL pointer dereference in bfd_elf_get_str_section of file bfd/elf.c</issue>
  <issue tracker="bnc" id="1237042">VUL-0: CVE-2025-1182: binutils: illegal memory access triggered by corrupt ELF input files</issue>
  <issue tracker="bnc" id="1236632">VUL-0: CVE-2025-0840: binutils: objdump: stack-based buffer overflow in function disassemble_bytes of the file binutils/objdump.c</issue>
  <issue tracker="cve" id="2025-0840"/>
  <issue tracker="cve" id="2025-1178"/>
  <issue tracker="cve" id="2025-1181"/>
  <issue tracker="cve" id="2025-11495"/>
  <issue tracker="cve" id="2025-1148"/>
  <issue tracker="cve" id="2025-1179"/>
  <issue tracker="cve" id="2025-5244"/>
  <issue tracker="cve" id="2025-11412"/>
  <issue tracker="cve" id="2025-3198"/>
  <issue tracker="cve" id="2025-1153"/>
  <issue tracker="cve" id="2025-1147"/>
  <issue tracker="cve" id="2025-1152"/>
  <issue tracker="cve" id="2025-11083"/>
  <issue tracker="cve" id="2025-11414"/>
  <issue tracker="cve" id="2025-7545"/>
  <issue tracker="cve" id="2025-1150"/>
  <issue tracker="cve" id="2025-1151"/>
  <issue tracker="cve" id="2025-1149"/>
  <issue tracker="cve" id="2025-1180"/>
  <issue tracker="cve" id="2025-1182"/>
  <issue tracker="cve" id="2025-11413"/>
  <issue tracker="cve" id="2025-1176"/>
  <issue tracker="cve" id="2025-11494"/>
  <issue tracker="cve" id="2025-5245"/>
  <issue tracker="cve" id="2025-8224"/>
  <issue tracker="cve" id="2025-8225"/>
  <issue tracker="cve" id="2025-7546"/>
  <packager>matz2</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for binutils</summary>
  <description>This update for binutils fixes the following issues:

- Do not enable '-z gcs=implicit' on aarch64 for old codestreams.

Update to version 2.45:

  * New versioned release of libsframe.so.2
  * s390: tools now support SFrame format 2; recognize "z17" as CPU
    name [bsc#1247105, jsc#IBM-1485]
  * sframe sections are now of ELF section type SHT_GNU_SFRAME.
  * sframe secions generated by the assembler have
    SFRAME_F_FDE_FUNC_START_PCREL set.
  * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0,
    Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0,
    ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0,
    sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0,
    zclsd v1.0, smrnmi v1.0;
    vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
    SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0;
    T-Head: xtheadvdot v1.0;
    MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
  * Support RISC-V privileged version 1.13, profiles 20/22/23, and
    .bfloat16 directive.
  * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS,
    AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
    Drop support for  AVX10.2 256 bit rounding.
  * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and
    extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui',
    '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2',
    '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
  * Predefined symbols "GAS(version)" and, on non-release builds, "GAS(date)"
    are now being made available.
  * Add .errif and .warnif directives.
  * linker:
    - Add --image-base=&lt;ADDR&gt; option to the ELF linker to behave the same
      as -Ttext-segment for compatibility with LLD.
    - Add support for mixed LTO and non-LTO codes in relocatable output.
    - s390: linker generates .eh_frame and/or .sframe for linker
      generated .plt sections by default (can be disabled
      by --no-ld-generated-unwind-info).
    - riscv: add new PLT formats, and GNU property merge rules for zicfiss
      and zicfilp extensions.
- gold is no longer included
- Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md):

  * bsc#1236632 aka CVE-2025-0840 aka PR32650
  * bsc#1236977 aka CVE-2025-1149 aka PR32576
  * bsc#1236978 aka CVE-2025-1148 aka PR32576
  * bsc#1236999 aka CVE-2025-1176 aka PR32636
  * bsc#1237000 aka CVE-2025-1153 aka PR32603
  * bsc#1237001 aka CVE-2025-1152 aka PR32576
  * bsc#1237003 aka CVE-2025-1151 aka PR32576
  * bsc#1237005 aka CVE-2025-1150 aka PR32576
  * bsc#1237018 aka CVE-2025-1178 aka PR32638
  * bsc#1237019 aka CVE-2025-1181 aka PR32643
  * bsc#1237020 aka CVE-2025-1180 aka PR32642
  * bsc#1237021 aka CVE-2025-1179 aka PR32640
  * bsc#1237042 aka CVE-2025-1182 aka PR32644
  * bsc#1240870 aka CVE-2025-3198 aka PR32716
  * bsc#1243756 aka CVE-2025-5244 aka PR32858
  * bsc#1243760 aka CVE-2025-5245 aka PR32829
  * bsc#1246481 aka CVE-2025-7545 aka PR33049
  * bsc#1246486 aka CVE-2025-7546 aka PR33050
  * bsc#1247114 aka CVE-2025-8224 aka PR32109
  * bsc#1247117 aka CVE-2025-8225 no PR
- Add these backport patches:
  * bsc#1236976 aka CVE-2025-1147 aka PR32556
  * bsc#1250632 aka CVE-2025-11083 aka PR33457
  * bsc#1251275 aka CVE-2025-11412 aka PR33452
  * bsc#1251276 aka CVE-2025-11413 aka PR33456
  * bsc#1251277 aka CVE-2025-11414 aka PR33450
  * bsc#1251794 aka CVE-2025-11494 aka PR33499
  * bsc#1251795 aka CVE-2025-11495 aka PR33502

- Skip PGO with %want_reproducible_builds (bsc#1040589)
- Fix crash in assembler with -gdwarf-5
- aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size
- Add -std=gnu17 to move gcc15 forward, as temporary measure until
  the binutils version can be updated [bsc#1241916].
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places