Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-136-1] binutils vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 27 May 2005 13:38:56 +0200

===========================================================
Ubuntu Security Notice USN-136-1               May 27, 2005
binutils vulnerability
CAN-2005-1704
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

binutils
binutils-multiarch

The problem can be corrected by upgrading the affected package to
version 2.14.90.0.7-8ubuntu0.2 (for Ubuntu 4.10), or 2.15-5ubuntu2.1
(for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the Binary File Descriptor
(BFD) parser in the GNU debugger. The same vulnerable code is also
present in binutils. By tricking an user into processing a specially
crafted executable with the binutils tools (strings, objdump, nm,
readelf, etc.), an attacker could exploit this to execute arbitrary
code with the privileges of the user running the affected program.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.diff.gz
      Size/MD5:    51417 f845b3e1355e35e68d0a318e36a2bab0
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.dsc
      Size/MD5:      802 710bf99bd72b1afae20fc92dd66ae031
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7.orig.tar.gz
      Size/MD5: 13625636 3211f9065fd85f5f726f08c2f0c3db0c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.14.90.0.7-8ubuntu0.2_all.deb
      Size/MD5:   422494 10e5d330120ae23eb2b85b2e6a779eca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  2912498 264f76c2de25f569789ea90793fdd814
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  8052384 3c9f4400cddf2a251209e6351cf13bd8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  2468256 a380b11ae81d9e08e49b2b37012ddbbf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  2852262 9d23fd3a5722a623e63f42981d0425e6
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  7882298 58b4b6f4b304574e003fed0f52247400
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  2435474 43bdef72991cf1c41f09dbb6e8153f21

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  3536650 4d2aa7df363e35b302a1b6ec9a11a67e
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  9379314 77b7df24ffa9cc6b146c19df533b2873
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  2572692 f7ccefe764c69541c7bdab7ebf212023

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.diff.gz
      Size/MD5:    41141 3912bde660d30bdc9db259b1e4760fa8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.dsc
      Size/MD5:      781 99488b7c339737189950036dda41ac58
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
      Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.1_all.deb
      Size/MD5:   433890 571c4d3c59d12dc2648633da05debf1f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  2839936 a150864ff843b4a7f2891bc8033f78b9
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  8022016 15283e00c70b96cc6703629c8d0aa73a
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  1369076 e50eeb7b75e2a43ca805a5ae7ad661e9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  2795900 db51c8d640ec43bf34c4a4ee4125b8d5
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  7868676 6ee9d67f9c08e1a054743d428af51cd9
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  1323878 4463e0ac4fae73f5b241e92e46205e33

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  3470772 b946466edc98a0bd2e5252229a2d7473
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  9386154 8c0d4741185a22c913dfddfd98c840f7
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  1465548 4e586fe1daaf83b5a6255cc05b4e9ab4

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-136-1] binutils vulnerability Martin Pitt (May 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]