SUSE update for gcc48

Published: 2022-06-15

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-14250
CWE-ID	CWE-190
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	SUSE Linux Enterprise Workstation Extension Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system libasan0-debuginfo Operating systems & Components / Operating system package or component libasan0 Operating systems & Components / Operating system package or component libasan0-32bit Operating systems & Components / Operating system package or component libstdc++48-devel-32bit Operating systems & Components / Operating system package or component gcc48-32bit Operating systems & Components / Operating system package or component cpp48-debuginfo Operating systems & Components / Operating system package or component cpp48 Operating systems & Components / Operating system package or component libada48-debuginfo Operating systems & Components / Operating system package or component libada48 Operating systems & Components / Operating system package or component gcc48-ada-debuginfo Operating systems & Components / Operating system package or component gcc48-ada Operating systems & Components / Operating system package or component gcc48-info Operating systems & Components / Operating system package or component libstdc++48-devel Operating systems & Components / Operating system package or component gcc48-locale Operating systems & Components / Operating system package or component gcc48-c++-debuginfo Operating systems & Components / Operating system package or component gcc48-c++ Operating systems & Components / Operating system package or component gcc48 Operating systems & Components / Operating system package or component gcc48-objc-32bit Operating systems & Components / Operating system package or component libgcj48-devel-debuginfo Operating systems & Components / Operating system package or component libgcj48-devel Operating systems & Components / Operating system package or component libffi48-devel Operating systems & Components / Operating system package or component libffi48-debugsource Operating systems & Components / Operating system package or component gcc48-objc-debuginfo Operating systems & Components / Operating system package or component gcc48-objc Operating systems & Components / Operating system package or component gcc48-obj-c++-debuginfo Operating systems & Components / Operating system package or component gcc48-obj-c++ Operating systems & Components / Operating system package or component gcc48-java-debuginfo Operating systems & Components / Operating system package or component gcc48-java Operating systems & Components / Operating system package or component gcc48-fortran-debuginfo Operating systems & Components / Operating system package or component gcc48-fortran Operating systems & Components / Operating system package or component gcc48-debugsource Operating systems & Components / Operating system package or component gcc48-debuginfo Operating systems & Components / Operating system package or component libgcj_bc1 Operating systems & Components / Operating system package or component libgcj48-jar Operating systems & Components / Operating system package or component libgcj48-debugsource Operating systems & Components / Operating system package or component libgcj48-debuginfo Operating systems & Components / Operating system package or component libgcj48-debuginfo-32bit Operating systems & Components / Operating system package or component libgcj48 Operating systems & Components / Operating system package or component libgcj48-32bit Operating systems & Components / Operating system package or component gcc48-gij-debuginfo Operating systems & Components / Operating system package or component gcc48-gij-debuginfo-32bit Operating systems & Components / Operating system package or component gcc48-gij Operating systems & Components / Operating system package or component gcc48-gij-32bit Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU19616

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14250

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in simple_object_elf_match() function in simple-object-elf.c. A remote attacker can use a specially crFted ELF file to trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gcc48 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Desktop: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP Applications: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

libasan0-debuginfo: before 4.8.5-31.26.1

libasan0: before 4.8.5-31.26.1

libasan0-32bit: before 4.8.5-31.26.1

libstdc++48-devel-32bit: before 4.8.5-31.26.1

gcc48-32bit: before 4.8.5-31.26.1

cpp48-debuginfo: before 4.8.5-31.26.1

cpp48: before 4.8.5-31.26.1

libada48-debuginfo: before 4.8.5-31.26.1

libada48: before 4.8.5-31.26.1

gcc48-ada-debuginfo: before 4.8.5-31.26.1

gcc48-ada: before 4.8.5-31.26.1

gcc48-info: before 4.8.5-31.26.1

libstdc++48-devel: before 4.8.5-31.26.1

gcc48-locale: before 4.8.5-31.26.1

gcc48-c++-debuginfo: before 4.8.5-31.26.1

gcc48-c++: before 4.8.5-31.26.1

gcc48: before 4.8.5-31.26.1

gcc48-objc-32bit: before 4.8.5-31.26.1

libgcj48-devel-debuginfo: before 4.8.5-31.26.1

libgcj48-devel: before 4.8.5-31.26.1

libffi48-devel: before 4.8.5-31.26.1

libffi48-debugsource: before 4.8.5-31.26.1

gcc48-objc-debuginfo: before 4.8.5-31.26.1

gcc48-objc: before 4.8.5-31.26.1

gcc48-obj-c++-debuginfo: before 4.8.5-31.26.1

gcc48-obj-c++: before 4.8.5-31.26.1

gcc48-java-debuginfo: before 4.8.5-31.26.1

gcc48-java: before 4.8.5-31.26.1

gcc48-fortran-debuginfo: before 4.8.5-31.26.1

gcc48-fortran: before 4.8.5-31.26.1

gcc48-debugsource: before 4.8.5-31.26.1

gcc48-debuginfo: before 4.8.5-31.26.1

libgcj_bc1: before 4.8.5-31.26.1

libgcj48-jar: before 4.8.5-31.26.1

libgcj48-debugsource: before 4.8.5-31.26.1

libgcj48-debuginfo: before 4.8.5-31.26.1

libgcj48-debuginfo-32bit: before 4.8.5-31.26.1

libgcj48: before 4.8.5-31.26.1

libgcj48-32bit: before 4.8.5-31.26.1

gcc48-gij-debuginfo: before 4.8.5-31.26.1

gcc48-gij-debuginfo-32bit: before 4.8.5-31.26.1

gcc48-gij: before 4.8.5-31.26.1

gcc48-gij-32bit: before 4.8.5-31.26.1

CPE2.3

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222015-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.