{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2025-11082: fix heap buffer overflow in _bfd_elf_parse_eh_frame\n- CVE-2025-5244: fix NULL deref in elf_gc_sweep for empty SEC_GROUP\n- CVE-2025-5245: fix SEGV in debug_type_samep / debug_write_type\n- CVE-2025-7545: fix heap buffer issue in objcopy copy_section\n- CVE-2025-7546: fix corrupted group section handling in elf.c", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/advisories/2026/clsa-2026_1776331045.json" } ], "tracking": { "current_release_date": "2026-04-16T09:19:19Z", "generator": { "date": "2026-04-16T09:19:19Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776331045", "initial_release_date": "2026-04-16T09:19:19Z", "revision_history": [ { "date": "2026-04-16T09:19:19Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "binutils: Fix of 5 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_id": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.27-44.base.el7_9.1.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els4?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" }, "product_reference": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-7545", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-7545" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16117" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.316243", "url": "https://vuldb.com/?ctiid.316243" }, { "category": "external", "summary": "https://vuldb.com/?id.316243", "url": "https://vuldb.com/?id.316243" }, { "category": "external", "summary": "https://vuldb.com/?submit.614355", "url": "https://vuldb.com/?submit.614355" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-07-13T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:17:43.539657Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045", "product_ids": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-11082", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11082" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16358" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.326123", "url": "https://vuldb.com/?ctiid.326123" }, { "category": "external", "summary": "https://vuldb.com/?id.326123", "url": "https://vuldb.com/?id.326123" }, { "category": "external", "summary": "https://vuldb.com/?submit.661276", "url": "https://vuldb.com/?submit.661276" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-09-27T23:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:17:43.539657Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045", "product_ids": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-5244", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5244" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16010" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310346", "url": "https://vuldb.com/?ctiid.310346" }, { "category": "external", "summary": "https://vuldb.com/?id.310346", "url": "https://vuldb.com/?id.310346" }, { "category": "external", "summary": "https://vuldb.com/?submit.584634", "url": "https://vuldb.com/?submit.584634" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:17:43.539657Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045", "product_ids": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-5245", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5245" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16004" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310347", "url": "https://vuldb.com/?ctiid.310347" }, { "category": "external", "summary": "https://vuldb.com/?id.310347", "url": "https://vuldb.com/?id.310347" }, { "category": "external", "summary": "https://vuldb.com/?submit.584635", "url": "https://vuldb.com/?submit.584635" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:17:43.539657Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045", "product_ids": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776331045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }