[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050527113856.GA21233@piware.de>
Date: Fri May 27 12:39:00 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-136-1] binutils vulnerability
===========================================================
Ubuntu Security Notice USN-136-1 May 27, 2005
binutils vulnerability
CAN-2005-1704
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
binutils
binutils-multiarch
The problem can be corrected by upgrading the affected package to
version 2.14.90.0.7-8ubuntu0.2 (for Ubuntu 4.10), or 2.15-5ubuntu2.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Tavis Ormandy found an integer overflow in the Binary File Descriptor
(BFD) parser in the GNU debugger. The same vulnerable code is also
present in binutils. By tricking an user into processing a specially
crafted executable with the binutils tools (strings, objdump, nm,
readelf, etc.), an attacker could exploit this to execute arbitrary
code with the privileges of the user running the affected program.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.diff.gz
Size/MD5: 51417 f845b3e1355e35e68d0a318e36a2bab0
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.dsc
Size/MD5: 802 710bf99bd72b1afae20fc92dd66ae031
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7.orig.tar.gz
Size/MD5: 13625636 3211f9065fd85f5f726f08c2f0c3db0c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.14.90.0.7-8ubuntu0.2_all.deb
Size/MD5: 422494 10e5d330120ae23eb2b85b2e6a779eca
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_amd64.deb
Size/MD5: 2912498 264f76c2de25f569789ea90793fdd814
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_amd64.deb
Size/MD5: 8052384 3c9f4400cddf2a251209e6351cf13bd8
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_amd64.deb
Size/MD5: 2468256 a380b11ae81d9e08e49b2b37012ddbbf
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_i386.deb
Size/MD5: 2852262 9d23fd3a5722a623e63f42981d0425e6
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_i386.deb
Size/MD5: 7882298 58b4b6f4b304574e003fed0f52247400
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_i386.deb
Size/MD5: 2435474 43bdef72991cf1c41f09dbb6e8153f21
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_powerpc.deb
Size/MD5: 3536650 4d2aa7df363e35b302a1b6ec9a11a67e
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_powerpc.deb
Size/MD5: 9379314 77b7df24ffa9cc6b146c19df533b2873
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_powerpc.deb
Size/MD5: 2572692 f7ccefe764c69541c7bdab7ebf212023
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.diff.gz
Size/MD5: 41141 3912bde660d30bdc9db259b1e4760fa8
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.dsc
Size/MD5: 781 99488b7c339737189950036dda41ac58
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.1_all.deb
Size/MD5: 433890 571c4d3c59d12dc2648633da05debf1f
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_amd64.deb
Size/MD5: 2839936 a150864ff843b4a7f2891bc8033f78b9
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_amd64.deb
Size/MD5: 8022016 15283e00c70b96cc6703629c8d0aa73a
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_amd64.deb
Size/MD5: 1369076 e50eeb7b75e2a43ca805a5ae7ad661e9
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_i386.deb
Size/MD5: 2795900 db51c8d640ec43bf34c4a4ee4125b8d5
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_i386.deb
Size/MD5: 7868676 6ee9d67f9c08e1a054743d428af51cd9
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_i386.deb
Size/MD5: 1323878 4463e0ac4fae73f5b241e92e46205e33
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_powerpc.deb
Size/MD5: 3470772 b946466edc98a0bd2e5252229a2d7473
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_powerpc.deb
Size/MD5: 9386154 8c0d4741185a22c913dfddfd98c840f7
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_powerpc.deb
Size/MD5: 1465548 4e586fe1daaf83b5a6255cc05b4e9ab4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050527/6412b2b4/attachment.bin
Powered by blists - more mailing lists