UbuntuUpdates.org

Package "binutils"

Name: binutils

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • GNU binary utilities, for alpha-linux-gnu target
  • GNU binary utilities, for alpha-linux-gnu target (debug symbols)
  • GNU binary utilities, for arm-linux-gnueabi target
  • GNU binary utilities, for arm-linux-gnueabi target (debug symbols)

Latest version: 2.34-6ubuntu1.8
Release: focal (20.04)
Level: security
Repository: universe

Other versions of "binutils" in Focal

Repository  Area      Version
base        universe  2.34-6ubuntu1
base        main      2.34-6ubuntu1
security    main      2.34-6ubuntu1.8
updates     main      2.34-6ubuntu1.8
updates     universe  2.34-6ubuntu1.8

Changelog

Version: 2.34-6ubuntu1.8 2024-01-15 14:06:53 UTC

  binutils (2.34-6ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
      and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
      pool, rather than indirectly from index entries (process_cu_tu_index).
    - CVE-2022-44840
  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
      element counts, not word counts (display_gdb_index).
    - debian/patches/CVE-2022-45703-1.patch: typo fix.
    - CVE-2022-45703
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47007.patch: free dt on failure path
      (stab_demangle_v3_arg).
    - CVE-2022-47007
  * SECURITY UPDATE: memory leak in bucomm.c
    - debian/patches/CVE-2022-47008.patch: free template on all failure paths
      (make_tempdir, make_tempname).
    - CVE-2022-47008
  * SECURITY UPDATE: memory leak in prdbg.c
    - debian/patches/CVE-2022-47010.patch: free "s" on failure path
      (pr_function_type).
    - CVE-2022-47010
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
      (parse_stab_struct_fields).
    - CVE-2022-47011

 -- Nick Galanis <email address hidden> Tue, 02 Jan 2024 17:48:50 +0200

CVE-2022-44840 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-45703 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVE-2022-47007 An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to mem
CVE-2022-47008 An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of servic
CVE-2022-47010 An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory
CVE-2022-47011 An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to

Version: 2.34-6ubuntu1.7 2023-12-11 13:08:58 UTC

  binutils (2.34-6ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in libbfd.c
    - debian/patches/CVE-2020-19726-1.patch: check that buffer contains
      required number of auxents before processing any auxent (coffgen.c) and
      only swap in extended file name from auxents for PE (coffswap.h).
    - debian/patches/CVE-2020-19726-2.patch: fix off-by-one error in check for
      aux entries that overflow the buffer (coff_get_normalized_symtab,
      coffgen.c).
    - CVE-2020-19726

  * SECURITY UPDATE: heap buffer overflow in rddbg.c
    - debian/patches/CVE-2021-46174.patch: don't read past end of section when
      concatenating stab strings (read_section_stabs_debugging_info).
    - CVE-2021-46174

  * SECURITY UPDATE: reachable assertion failure in dwarf.c
    - debian/patches/CVE-2022-35205.patch: replace assert with a warning
      message (display_debug_names).
    - CVE-2022-35205

 -- Nick Galanis <email address hidden> Thu, 30 Nov 2023 10:16:08 +0000

CVE-2020-19726 An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a
CVE-2021-46174 Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CVE-2022-35205 An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial o

Version: 2.34-6ubuntu1.6 2023-06-13 20:08:14 UTC

  binutils (2.34-6ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: possible denial of service via heap overflow
    - debian/patches/CVE-2021-45078.patch: fix bounds checking in
      binutils/stabs.c.
    - CVE-2021-45078

 -- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 09:53:18 -0400

CVE-2021-45078 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibl

Version: 2.34-6ubuntu1.5 2023-05-24 12:07:30 UTC

  binutils (2.34-6ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
      vms-alpha.c parse_module
    - CVE-2023-25584
  * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
    - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
      file_table
    - CVE-2023-25585
  * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
    - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
      uninitialised
    - CVE-2023-25588

 -- Nishit Majithia <email address hidden> Mon, 22 May 2023 08:11:49 +0530

CVE-2023-25584 RESERVED
CVE-2023-25585 RESERVED
CVE-2023-25588 RESERVED

Version: 2.34-6ubuntu1.4 2022-12-05 20:06:33 UTC

  binutils (2.34-6ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2022-38533.patch: strip possibly
      heap-buffer-overflow in bfd/coffcode.h.
    - CVE-2022-38533

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 30 Aug 2022 09:53:48 -0300

CVE-2022-38533 In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new v


