Bug 14056

Summary:	[CVE21] binutils 2.38 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-11-29 10:30:45 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-1972 6.5 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-4285 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47695 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47696 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47008 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47011 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47010 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47007 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-47673 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-48065 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-48064 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-48063 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-45703 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-44840 Exploit!

Comment 1 Aleksandr Proklov 2023-12-07 11:57:48 MSK

CVE-2022-45703 - патч исправляет опечатку, у нас еще нет этого кода
остальные уязвимости закрыты патчами 

binutils	2.38-4

https://abf.io/build_lists/4858505
https://abf.io/build_lists/4858506 х64
https://abf.io/build_lists/4858507
https://abf.io/build_lists/4858508

Comment 2 Dmitry Postnikov 2023-12-07 18:01:09 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-13 17:43:59 MSK

binutils-2.38-4
https://abf.io/build_lists/4858505
https://abf.io/build_lists/4858506 х64
https://abf.io/build_lists/4858507
https://abf.io/build_lists/4858508
******************** Advisory ************************
CVEs fixed by patches
******************************************************
QA Verified