UbuntuUpdates.org

Package "binutils"

Name: binutils

Description:

GNU assembler, linker and binary utilities

Latest version: 2.30-21ubuntu1~18.04.9
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://www.gnu.org/software/binutils/

Links


Download "binutils"


Other versions of "binutils" in Bionic

Repository Area Version
base main 2.30-15ubuntu1
base universe 2.30-15ubuntu1
security universe 2.30-21ubuntu1~18.04.9
updates universe 2.30-21ubuntu1~18.04.9
updates main 2.30-21ubuntu1~18.04.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.30-21ubuntu1~18.04.9 2023-05-24 16:07:14 UTC

  binutils (2.30-21ubuntu1~18.04.9) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
      vms-alpha.c parse_module
    - CVE-2023-25584
  * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
    - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
      file_table
    - CVE-2023-25585
  * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
    - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
      uninitialised
    - CVE-2023-25588

 -- Nishit Majithia <email address hidden> Fri, 19 May 2023 14:22:50 +0530

Source diff to previous version
CVE-2023-25584 RESERVED
CVE-2023-25585 RESERVED
CVE-2023-25588 RESERVED

Version: 2.30-21ubuntu1~18.04.8 2022-12-05 20:06:22 UTC

  binutils (2.30-21ubuntu1~18.04.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2022-38533.patch: strip possibly
      heap-buffer-overflow in bfd/coffcode.h.
    - CVE-2022-38533

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 30 Aug 2022 10:03:11 -0300

Source diff to previous version
CVE-2022-38533 In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new v

Version: 2.30-21ubuntu1~18.04.7 2021-10-25 17:06:20 UTC

  binutils (2.30-21ubuntu1~18.04.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Use after free in bfd_hash_lookup
    - debian/patches/CVE-2020-16592.patch: don't use a pointer into strings
      that may be freed for section name in bfd/peXXigen.c.
    - CVE-2020-16592
  * SECURITY UPDATE: DoS via memory consumption in DWARF debug sections
    - debian/patches/CVE-2021-3487.patch: check for debug sections with
      excessive sizes in bfd/dwarf2.c.
    - CVE-2021-3487

 -- Marc Deslauriers <email address hidden> Wed, 20 Oct 2021 07:11:39 -0400

Source diff to previous version
CVE-2020-16592 A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm
CVE-2021-3487 There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and

Version: 2.30-21ubuntu1~18.04.5 2021-03-01 13:06:18 UTC

  binutils (2.30-21ubuntu1~18.04.5) bionic; urgency=medium

  * d/p/lp1903814-lp1903814-s390_prevent_GOT_access.patch:
    Prevent GOT access rewrite for certain symbols (LP: #1903814)
    Thanks to Ilya Leoshkevich for porting the upstream patch to v2.30:
    https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=e6213e09ed0ef6ee40d00981c38baac6964aa95b

 -- Lukas Märdian <email address hidden> Fri, 12 Feb 2021 09:45:35 +0100

Source diff to previous version
1903814 [binutils] Prevent GOT access rewrite for certain symbols

Version: 2.30-21ubuntu1~18.04.4 2020-08-04 09:07:02 UTC

  binutils (2.30-21ubuntu1~18.04.4) bionic; urgency=medium

  * d/p/lp-1883880-x86-don-t-mistakenly-scale-non-8-bit-displacements.patch:
    avoid scaling displacements that breaks e.g. some AVX512 code (LP: #1883880)

 -- Christian Ehrhardt <email address hidden> Thu, 18 Jun 2020 13:03:55 +0200

1883880 fix non-8-bit x86 displacements breaking AVX512 builds on Bionic



About   -   Send Feedback to @ubuntu_updates