Ubuntu alert USN-7423-2 (binutils)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7423-2] GNU binutils vulnerabilities | |
| Date: | Tue, 29 Apr 2025 14:14:41 -0300 | |
| Message-ID: | <20250429171441.GA41493@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-7423-2 April 29, 2025 binutils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GNU binutils. Software Description: - binutils: GNU assembler, linker and binary utilities Details: USN-7423-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-0840) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code. (CVE-2025-1153) It was discovered that ld in GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-1176) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS binutils 2.30-21ubuntu1~18.04.9+esm4 Available with Ubuntu Pro binutils-multiarch 2.30-21ubuntu1~18.04.9+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS binutils 2.26.1-1ubuntu1~16.04.8+esm11 Available with Ubuntu Pro binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm11 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7423-2 https://ubuntu.com/security/notices/USN-7423-1 CVE-2025-0840, CVE-2025-1153, CVE-2025-1176
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmgRCP0ACgkQRbznW4QL H2ku+A/+IRL3oENKIi/TEGW3gYsWFa1FKn+2vngIFSBGes5p73XHPe5cbjZyVh5+ q9gESIZ0VKLQ1M1pW5durbeaW2ss0qb1/1VLxq3RvvEXkuw3YI04sCj8E4WMIKsy V6OJV7VA2AaeSq//gRRFWLC6UeSkpjozbGhGMfFwfFc7Q5yf5cQjUuq1wb1HL+mv g5CDKJE4N2h9f5LW75mO4YvglWtGXGRLGP/erSo10L99VY/Isc4ZdY+tILgXqThT l6JQSArk88+l+geih+eQNCtEx1lXT4URM9ghNWDN4YrLUfnrQyf9HI+ebuTzF6pZ rzVtjiZ7MC89iq84vak7IJyC08dA05xw+cW0XzcDUQIJFImGfk+xe1Ee3QvwkngK 4HKHjJQ//6N2BFRV6nB7vI7L9RrwpCU90r94xhwBbt0QvYDGTqkvnjHT9xt+3F1Q QgyJE7SG7evLtYcTZbVVrMX/FAVpWQrzUJO1mwFv+Gp/ecmDRzIs4zVeBshurkBD 6O2iO6hpALhNjbX6s5Dp3Hlws1Cn2ARZ5ROaDowBB+jyYt93pOiI3BE82eZ9ZGAs k2OnIe7pErfDbaLrj7dxcA2CSUGvvkRH1ckqXgz0HmKqCDQmmEYYazD+KwRyowuq JNSHy7qt7lz7kxIcaKcWKhL0d8oWuwndbUECEnWt6hhRT0NoIPI= =LcDZ -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)