[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GHuNQ-00088N-N1@mercury.mandriva.com>
Date: Mon, 28 Aug 2006 21:35:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:153 ] - Updated binutils packages
fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:153
http://www.mandriva.com/security/
_______________________________________________________________________
Package : binutils
Date : August 28, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
A stack-based buffer overflow in messages.c in the GNU as (gas)
assembler in Free Software Foundation GNU Binutils before 20050721
allows attackers to execute arbitrary code via a .c file with crafted
inline assembly code (CVE-2005-4807).
Buffer overflow in getsym in tekhex.c in libbfd in Free Software
Foundation GNU Binutils before 20060423, as used by GNU strings, allows
context-dependent attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a file with a crafted
Tektronix Hex Format (TekHex?) record in which the length character is
not a valid hexadecimal character (CVE-2006-2362).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
a514aef8f0aae8017c36c6373c546f1f 2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
608c036f1cf3604f70254d834a1be68c 2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
3b215ae344eecd901ac81bc72d313dbb 2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
cd7e83cac0c468d104c10b402bb21a53 2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
e52fa90704f954868c4619119e8e833d x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
1117083b22061902fe40d87c1d7b9c22 x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
6ff27559c550109d9843e034181a0fa4 x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
cd7e83cac0c468d104c10b402bb21a53 x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm
Corporate 3.0:
84f8aea5d202ba206ca31871047d8a5f corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
d72ede02c6410aad9ec98bfc931f2b2b corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
647d07675b4eabfa2cfe8933342cf46d corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
a0f5c767dcb258960cb0b9004e6f73d3 corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
54d559b890d485b7979446499b8dad5a x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
35f8cf549a5a8222e933b150775efdee x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
0df49c77c9bf02a1b3686387580ad7e3 x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
a0f5c767dcb258960cb0b9004e6f73d3 x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists