lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 27 May 2005 13:38:56 +0200
From: Martin Pitt <>
Subject: [USN-136-1] binutils vulnerability

Ubuntu Security Notice USN-136-1	       May 27, 2005
binutils vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version (for Ubuntu 4.10), or 2.15-5ubuntu2.1
(for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the Binary File Descriptor
(BFD) parser in the GNU debugger. The same vulnerable code is also
present in binutils. By tricking an user into processing a specially
crafted executable with the binutils tools (strings, objdump, nm,
readelf, etc.), an attacker could exploit this to execute arbitrary
code with the privileges of the user running the affected program.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:
      Size/MD5:    51417 f845b3e1355e35e68d0a318e36a2bab0
      Size/MD5:      802 710bf99bd72b1afae20fc92dd66ae031
      Size/MD5: 13625636 3211f9065fd85f5f726f08c2f0c3db0c

  Architecture independent packages:
      Size/MD5:   422494 10e5d330120ae23eb2b85b2e6a779eca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  2912498 264f76c2de25f569789ea90793fdd814
      Size/MD5:  8052384 3c9f4400cddf2a251209e6351cf13bd8
      Size/MD5:  2468256 a380b11ae81d9e08e49b2b37012ddbbf

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  2852262 9d23fd3a5722a623e63f42981d0425e6
      Size/MD5:  7882298 58b4b6f4b304574e003fed0f52247400
      Size/MD5:  2435474 43bdef72991cf1c41f09dbb6e8153f21

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  3536650 4d2aa7df363e35b302a1b6ec9a11a67e
      Size/MD5:  9379314 77b7df24ffa9cc6b146c19df533b2873
      Size/MD5:  2572692 f7ccefe764c69541c7bdab7ebf212023

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:
      Size/MD5:    41141 3912bde660d30bdc9db259b1e4760fa8
      Size/MD5:      781 99488b7c339737189950036dda41ac58
      Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

  Architecture independent packages:
      Size/MD5:   433890 571c4d3c59d12dc2648633da05debf1f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  2839936 a150864ff843b4a7f2891bc8033f78b9
      Size/MD5:  8022016 15283e00c70b96cc6703629c8d0aa73a
      Size/MD5:  1369076 e50eeb7b75e2a43ca805a5ae7ad661e9

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  2795900 db51c8d640ec43bf34c4a4ee4125b8d5
      Size/MD5:  7868676 6ee9d67f9c08e1a054743d428af51cd9
      Size/MD5:  1323878 4463e0ac4fae73f5b241e92e46205e33

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  3470772 b946466edc98a0bd2e5252229a2d7473
      Size/MD5:  9386154 8c0d4741185a22c913dfddfd98c840f7
      Size/MD5:  1465548 4e586fe1daaf83b5a6255cc05b4e9ab4

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists