[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060817062133.GD5168@piware.de>
Date: Thu, 17 Aug 2006 08:21:33 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-336-1] binutils vulnerability
===========================================================
Ubuntu Security Notice USN-336-1 August 16, 2006
binutils vulnerability
http://bugs.gentoo.org/show_bug.cgi?id=99464
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
binutils 2.15-5ubuntu2.4
Ubuntu 5.10:
binutils 2.16.1-2ubuntu6.2
binutils-static 2.16.1-2ubuntu6.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A buffer overflow was discovered in gas (the GNU assembler). By
tricking an user or automated system (like a compile farm) into
assembling a specially crafted source file with gcc or gas, this could
be exploited to execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4.diff.gz
Size/MD5: 43030 165be56a4c94f4cf3edcd20bb26c6e40
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4.dsc
Size/MD5: 781 3a23d48803cc6ccc254de4bed6d1f6bc
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.4_all.deb
Size/MD5: 434332 dfaae7efb7f1d2e8e776184fd17767d4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_amd64.deb
Size/MD5: 2839652 b6b0ebc4d921c4e22fdceb703e378c55
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_amd64.deb
Size/MD5: 8021684 bc9f89cb0a83954894b7592d60c5723b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_amd64.deb
Size/MD5: 1369002 6cea7a328eeed4997974a7a1584fb9c5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_i386.deb
Size/MD5: 2795812 8bd98d94b019bcf9f5179a9242501bd2
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_i386.deb
Size/MD5: 7868346 04fbf5ef9336da5926fccd01ac5d6ddf
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_i386.deb
Size/MD5: 1323958 9cc06f28d94d285a33586e7086c453fd
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_powerpc.deb
Size/MD5: 3470788 9175f3010fa9d80a3069eef533339b34
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_powerpc.deb
Size/MD5: 9385400 e8827cf1704ad45eb9d93deca0f1410f
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_powerpc.deb
Size/MD5: 1465166 ead0bbfd83183858da7265d60638ce41
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2.diff.gz
Size/MD5: 41243 beae257ca1a0e4abf77fa4ecddd4ff9c
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2.dsc
Size/MD5: 892 27a4ef64c54100424424313c8873bb6d
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.orig.tar.gz
Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.16.1-2ubuntu6.2_all.deb
Size/MD5: 459840 62bad45ce720098cd5d7bfcd7bdc73f7
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_amd64.deb
Size/MD5: 2359240 c9219796dd147dcab7b8c53bc71555c6
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_amd64.deb
Size/MD5: 7202160 5d5ff31efc9c788ee212cf16927fd25d
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_amd64.udeb
Size/MD5: 605798 859dc5148f5e9a03287d00f363f1b49d
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_amd64.deb
Size/MD5: 631940 13baf60e6742003f98f37a5634185642
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_amd64.deb
Size/MD5: 1553658 7189b2459d4b502d48aa9672b7ec6549
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_i386.deb
Size/MD5: 2219950 33019299b1e8dd12b5d895dfa87bc21d
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_i386.deb
Size/MD5: 6748650 0c8b3ef38b1eb856e1b7709ecc614100
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_i386.udeb
Size/MD5: 500860 74f557eb5334985806b1538cc548678e
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_i386.deb
Size/MD5: 526702 fb3cc66b05cc187012d76209b766e38b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_i386.deb
Size/MD5: 1469958 43c4a9cd2676939986d2942df6802ddf
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_powerpc.deb
Size/MD5: 2836566 a62abafae842b82365461d169ec22560
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_powerpc.deb
Size/MD5: 8204644 2f61a9c28bbe75568f4fe1ee9d69e80a
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_powerpc.udeb
Size/MD5: 619148 6d397e7d80d9799afbf08f786d376dc0
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_powerpc.deb
Size/MD5: 645148 3431c1f8856d98e8a4e6042ce965b383
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_powerpc.deb
Size/MD5: 1653244 b5f05a08244f787007e998983bd98404
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_sparc.deb
Size/MD5: 2198848 49b9d9a733e42c55e52d3716a45f74f4
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_sparc.deb
Size/MD5: 7109082 88695d693f09a7f02d23373092361ffe
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_sparc.udeb
Size/MD5: 622590 ad7cdd890181b06b6cb7d055dcdfa988
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_sparc.deb
Size/MD5: 648420 7ef50ebce215526620acaf8273eede10
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_sparc.deb
Size/MD5: 1493928 9be9b0e14816abd1704b1dfbe0f804ca
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists