User: Password:
Subscribe / Log in / New account

Ubuntu alert USN-136-1 (binutils)

From:  Martin Pitt <>
Subject:  [USN-136-1] binutils vulnerability
Date:  Fri, 27 May 2005 13:38:56 +0200

=========================================================== Ubuntu Security Notice USN-136-1 May 27, 2005 binutils vulnerability CAN-2005-1704 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: binutils binutils-multiarch The problem can be corrected by upgrading the affected package to version (for Ubuntu 4.10), or 2.15-5ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy found an integer overflow in the Binary File Descriptor (BFD) parser in the GNU debugger. The same vulnerable code is also present in binutils. By tricking an user into processing a specially crafted executable with the binutils tools (strings, objdump, nm, readelf, etc.), an attacker could exploit this to execute arbitrary code with the privileges of the user running the affected program. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: Size/MD5: 51417 f845b3e1355e35e68d0a318e36a2bab0 Size/MD5: 802 710bf99bd72b1afae20fc92dd66ae031 Size/MD5: 13625636 3211f9065fd85f5f726f08c2f0c3db0c Architecture independent packages: Size/MD5: 422494 10e5d330120ae23eb2b85b2e6a779eca amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 2912498 264f76c2de25f569789ea90793fdd814 Size/MD5: 8052384 3c9f4400cddf2a251209e6351cf13bd8 Size/MD5: 2468256 a380b11ae81d9e08e49b2b37012ddbbf i386 architecture (x86 compatible Intel/AMD) Size/MD5: 2852262 9d23fd3a5722a623e63f42981d0425e6 Size/MD5: 7882298 58b4b6f4b304574e003fed0f52247400 Size/MD5: 2435474 43bdef72991cf1c41f09dbb6e8153f21 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 3536650 4d2aa7df363e35b302a1b6ec9a11a67e Size/MD5: 9379314 77b7df24ffa9cc6b146c19df533b2873 Size/MD5: 2572692 f7ccefe764c69541c7bdab7ebf212023 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: Size/MD5: 41141 3912bde660d30bdc9db259b1e4760fa8 Size/MD5: 781 99488b7c339737189950036dda41ac58 Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e Architecture independent packages: Size/MD5: 433890 571c4d3c59d12dc2648633da05debf1f amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 2839936 a150864ff843b4a7f2891bc8033f78b9 Size/MD5: 8022016 15283e00c70b96cc6703629c8d0aa73a Size/MD5: 1369076 e50eeb7b75e2a43ca805a5ae7ad661e9 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 2795900 db51c8d640ec43bf34c4a4ee4125b8d5 Size/MD5: 7868676 6ee9d67f9c08e1a054743d428af51cd9 Size/MD5: 1323878 4463e0ac4fae73f5b241e92e46205e33 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 3470772 b946466edc98a0bd2e5252229a2d7473 Size/MD5: 9386154 8c0d4741185a22c913dfddfd98c840f7 Size/MD5: 1465548 4e586fe1daaf83b5a6255cc05b4e9ab4 -- ubuntu-security-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds