CVE-2021-45078 Archives - TuxCare

CVE-2021-45078 identified by TuxCare’s Extended Lifecycle Support Team

While backporting fixes for the binutils package to older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699 was originally addressed. This new vulnerability allows memory corruption and denial of service under specific conditions in binutils functionality that is, in turn, used by multiple other packages.

The original vulnerability had a 9.8 CVSS (v3) score, and the newly identified vulnerability has been assigned a 7.5 CVSS (v3) score. The latest update of binutils available for service subscribers already includes a proper fix for the underlying issue, and the code was fixed in the upstream open source project after our report.
