{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"binutils security update", "category":"general", "title":"Synopsis" }, { "text":"An update for binutils is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).\n\nSecurity Fix(es):\n\nA flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.(CVE-2026-6845)", "category":"general", "title":"Description" }, { "text":"An update for binutils is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"binutils", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2152", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2152" }, { "summary":"CVE-2026-6845", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6845&packageName=binutils" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6845" }, { "summary":"openEuler-SA-2026-2152 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2152.json" } ], "title":"An update for binutils is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-05-03T18:08:17+08:00", "revision_history":[ { "date":"2026-05-03T18:08:17+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-05-03T18:08:17+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-05-03T18:08:17+08:00", "id":"openEuler-SA-2026-2152", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-2.41-29.oe2403.src.rpm", "name":"binutils-2.41-29.oe2403.src.rpm" }, "name":"binutils-2.41-29.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-2.41-29.oe2403.x86_64.rpm", "name":"binutils-2.41-29.oe2403.x86_64.rpm" }, "name":"binutils-2.41-29.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-debuginfo-2.41-29.oe2403.x86_64.rpm", "name":"binutils-debuginfo-2.41-29.oe2403.x86_64.rpm" }, "name":"binutils-debuginfo-2.41-29.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-debugsource-2.41-29.oe2403.x86_64.rpm", "name":"binutils-debugsource-2.41-29.oe2403.x86_64.rpm" }, "name":"binutils-debugsource-2.41-29.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-devel-2.41-29.oe2403.x86_64.rpm", "name":"binutils-devel-2.41-29.oe2403.x86_64.rpm" }, "name":"binutils-devel-2.41-29.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-help-2.41-29.oe2403.x86_64.rpm", "name":"binutils-help-2.41-29.oe2403.x86_64.rpm" }, "name":"binutils-help-2.41-29.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-2.41-29.oe2403.aarch64.rpm", "name":"binutils-2.41-29.oe2403.aarch64.rpm" }, "name":"binutils-2.41-29.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-debuginfo-2.41-29.oe2403.aarch64.rpm", "name":"binutils-debuginfo-2.41-29.oe2403.aarch64.rpm" }, "name":"binutils-debuginfo-2.41-29.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-debugsource-2.41-29.oe2403.aarch64.rpm", "name":"binutils-debugsource-2.41-29.oe2403.aarch64.rpm" }, "name":"binutils-debugsource-2.41-29.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-devel-2.41-29.oe2403.aarch64.rpm", "name":"binutils-devel-2.41-29.oe2403.aarch64.rpm" }, "name":"binutils-devel-2.41-29.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"binutils-help-2.41-29.oe2403.aarch64.rpm", "name":"binutils-help-2.41-29.oe2403.aarch64.rpm" }, "name":"binutils-help-2.41-29.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-2.41-29.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-2.41-29.oe2403.src", "name":"binutils-2.41-29.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-2.41-29.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-2.41-29.oe2403.x86_64", "name":"binutils-2.41-29.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-debuginfo-2.41-29.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-debuginfo-2.41-29.oe2403.x86_64", "name":"binutils-debuginfo-2.41-29.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-debugsource-2.41-29.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-debugsource-2.41-29.oe2403.x86_64", "name":"binutils-debugsource-2.41-29.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-devel-2.41-29.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-devel-2.41-29.oe2403.x86_64", "name":"binutils-devel-2.41-29.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-help-2.41-29.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-help-2.41-29.oe2403.x86_64", "name":"binutils-help-2.41-29.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-2.41-29.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-2.41-29.oe2403.aarch64", "name":"binutils-2.41-29.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-debuginfo-2.41-29.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-debuginfo-2.41-29.oe2403.aarch64", "name":"binutils-debuginfo-2.41-29.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-debugsource-2.41-29.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-debugsource-2.41-29.oe2403.aarch64", "name":"binutils-debugsource-2.41-29.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-devel-2.41-29.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-devel-2.41-29.oe2403.aarch64", "name":"binutils-devel-2.41-29.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"binutils-help-2.41-29.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:binutils-help-2.41-29.oe2403.aarch64", "name":"binutils-help-2.41-29.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-6845", "notes":[ { "text":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:binutils-2.41-29.oe2403.src", "openEuler-24.03-LTS:binutils-2.41-29.oe2403.x86_64", "openEuler-24.03-LTS:binutils-debuginfo-2.41-29.oe2403.x86_64", "openEuler-24.03-LTS:binutils-debugsource-2.41-29.oe2403.x86_64", "openEuler-24.03-LTS:binutils-devel-2.41-29.oe2403.x86_64", "openEuler-24.03-LTS:binutils-help-2.41-29.oe2403.x86_64", "openEuler-24.03-LTS:binutils-2.41-29.oe2403.aarch64", "openEuler-24.03-LTS:binutils-debuginfo-2.41-29.oe2403.aarch64", "openEuler-24.03-LTS:binutils-debugsource-2.41-29.oe2403.aarch64", "openEuler-24.03-LTS:binutils-devel-2.41-29.oe2403.aarch64", "openEuler-24.03-LTS:binutils-help-2.41-29.oe2403.aarch64" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"binutils security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2152" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.0, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-6845" } ] }