Message-ID: <20060609104635.GB5115@piware.de>
Date: Fri, 9 Jun 2006 12:46:35 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-292-1] binutils vulnerability

=========================================================== 
Ubuntu Security Notice USN-292-1              June 09, 2006
binutils vulnerability
CVE-2006-2362
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  binutils                       2.15-5ubuntu2.3
  binutils-dev                   2.15-5ubuntu2.3

Ubuntu 5.10:
  binutils                       2.16.1-2ubuntu6.1
  binutils-dev                   2.16.1-2ubuntu6.1

Ubuntu 6.06 LTS:
  binutils                       2.16.1cvs20060117-1ubuntu2.1
  binutils-dev                   2.16.1cvs20060117-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

CVE-2006-2362

Jesus Olmos Gonzalez discovered a buffer overflow in the Tektronix Hex
Format (TekHex) backend of the BFD library, such as used by the
'strings' utility. By tricking a user or automated system into
processing a specially crafted file with 'strings' or a vulnerable
third-party application using the BFD library, this could be exploited
to crash the application, or possibly even execute arbitrary code with
the privileges of the user.

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3.diff.gz
      Size/MD5:    42485 80c80af3cabf28f2d94c8050141c1799
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3.dsc
      Size/MD5:      781 3193a91375ca923cd096d67e1baf5f70
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
      Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.3_all.deb
      Size/MD5:   434164 afd17f5f5fda5ac8bfb51e5f28d2aabe

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.3_amd64.deb
      Size/MD5:  2839664 45f59cff5b54b4bc490a5d1a19c6edfb
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.3_amd64.deb
      Size/MD5:  8021638 5cff900484834c17832a5e4153d52bea
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3_amd64.deb
      Size/MD5:  1368978 5181ad2ba9bc81d3425a40ddd5b7c8b3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.3_i386.deb
      Size/MD5:  2795808 58a177d7b22d4cac79f4aa0e6fce19d8
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.3_i386.deb
      Size/MD5:  7868360 0421358316d31dd7eed8e6501b513b1f
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3_i386.deb
      Size/MD5:  1323786 d0b38cac43404b4ab990cb8c91297a31

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.3_powerpc.deb
      Size/MD5:  3470818 22a23835d8c87e5138f049a1366f8d72
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.3_powerpc.deb
      Size/MD5:  9385376 bc2b248edc473e43e5f6e79c07f16f2b
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3_powerpc.deb
      Size/MD5:  1464932 4555df0ac5ec08900a699561b18af0ef

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.1.diff.gz
      Size/MD5:    40719 cc66e2e40734ba885e2ba5aa2fdfefe8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.1.dsc
      Size/MD5:      892 cab651309c26e9d0836244566c3b531a
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.orig.tar.gz
      Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.16.1-2ubuntu6.1_all.deb
      Size/MD5:   459696 5ee7d462a7ceb5556696786d77bc35c3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.1_amd64.deb
      Size/MD5:  2359248 228b915e78af33a0a55a22d9bc5c0d97
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.1_amd64.deb
      Size/MD5:  7202130 40b75a560600b1875856d4fd0269d7a7
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.1_amd64.udeb
      Size/MD5:   605800 e8f46421823b202b41d28fa04689faea
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.1_amd64.deb
      Size/MD5:   631796 1d81a54c83f2c36a808ab2bbf76847db
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.1_amd64.deb
      Size/MD5:  1553476 e33280cc3782d5c49b8e791b853798f7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.1_i386.deb
      Size/MD5:  2219870 4583274706b566f0b793437b0911c38a
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.1_i386.deb
      Size/MD5:  6748662 b2410965d5b12bfb90c661ade957f36c
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.1_i386.udeb
      Size/MD5:   500856 a47952adc1115e616c9ced5f017b3b01
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.1_i386.deb
      Size/MD5:   526550 c5e7b75387de923d1587e16f47a6c2f8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.1_i386.deb
      Size/MD5:  1469762 22f41b9c30f6b5eb5ea65bac4d7181ac

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.1_powerpc.deb
      Size/MD5:  2836630 d52475018822448eca341ca8e72aa2a2
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.1_powerpc.deb
      Size/MD5:  8204686 fd095eff270a158450a698378748c1de
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.1_powerpc.udeb
      Size/MD5:   619146 d28e2c16bf584aa5796182425cc2cb59
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.1_powerpc.deb
      Size/MD5:   645000 5c7ed7ef9ce1862bcc423b0a1c8ed482
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.1_powerpc.deb
      Size/MD5:  1653150 9306e61c255a357b24eb42a156072e45

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117-1ubuntu2.1.diff.gz
      Size/MD5:   109962 b95a8854158a925d13d215178af9e486
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117-1ubuntu2.1.dsc
      Size/MD5:      935 37392e8f2fe4d5d5236bc316fe23c6ff
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117.orig.tar.gz
      Size/MD5: 15861156 07e4b34aad2c87c8dd1760bf31f07d19

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.16.1cvs20060117-1ubuntu2.1_all.deb
      Size/MD5:   472476 6855cfbfad68ff0d65645b496b01f47e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1cvs20060117-1ubuntu2.1_amd64.deb
      Size/MD5:  2526846 12fc9c07d960944cc7a84116c2935bca
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_amd64.deb
      Size/MD5:  7623950 a090a6a8eb5338e56a30b4f487746a5a
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_amd64.udeb
      Size/MD5:   619416 8330c3d630ad9b92f244025d5f12e9b8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1cvs20060117-1ubuntu2.1_amd64.deb
      Size/MD5:   646188 416a1c716fafbf927962ea1234982b29
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117-1ubuntu2.1_amd64.deb
      Size/MD5:  1563528 48102b51587abae5aa01220f03be3eae

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1cvs20060117-1ubuntu2.1_i386.deb
      Size/MD5:  2378764 88f5684031a424e739297aeecef1339c
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_i386.deb
      Size/MD5:  7088902 2312578ed334da7c4b86f505cae6efba
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_i386.udeb
      Size/MD5:   509156 4e94095ce26b880568592830603fc70c
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1cvs20060117-1ubuntu2.1_i386.deb
      Size/MD5:   536126 704f32352d39feaea0fe1634669b43c0
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117-1ubuntu2.1_i386.deb
      Size/MD5:  1406670 4499747cec6bb1463f7b85144d59f466

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
      Size/MD5:  3037336 fb0166dc0ae77d7bdd697aef77627ddf
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
      Size/MD5:  8637182 ed2cc2d8bb12a76afa57795dce320cdd
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_powerpc.udeb
      Size/MD5:   633678 01f1fecbd32a6b6b034b8b15426b2f0b
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
      Size/MD5:   660370 15875532d9a87a7c4ecf2f861d536f8b
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
      Size/MD5:  1599984 4d9b62d36d5de26639506e7b1f29bdb8
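
Added example, not part of the original advisory: Python code that parses the URL and Size/MD5 listing used above and checks a manually downloaded file against it. The function names and the two-entry excerpt are chosen for illustration; MD5 only catches corruption or truncation here, so authenticity still rests on the signed advisory and the package manager's own signature checks.

```python
import hashlib
import re
from pathlib import Path

# Two entries copied from the listing above, embedded so the code runs offline.
ADVISORY_EXCERPT = """\
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3.dsc
      Size/MD5:      781 3193a91375ca923cd096d67e1baf5f70
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.3_i386.deb
      Size/MD5:  1323786 d0b38cac43404b4ab990cb8c91297a31
"""

# A URL line followed directly by its "Size/MD5: <bytes> <hex digest>" line.
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>https?://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)


def parse_manifest(text):
    """Map file name -> (size, md5) for every URL + Size/MD5 pair in text."""
    manifest = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group("url").rsplit("/", 1)[-1]
        manifest[name] = (int(m.group("size")), m.group("md5"))
    return manifest


def verify_file(path, manifest):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    path = Path(path)
    expected = manifest.get(path.name)
    if expected is None:
        return "unlisted"  # never treat a file the advisory does not list as good
    size, md5 = expected
    if path.stat().st_size != size:
        return "size-mismatch"  # cheap check first; catches truncated downloads
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"
```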
