USN-292-1: binutils vulnerability
Posted on: 06/09/2006 02:12 PM

A new binutils vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-292-1 June 09, 2006
binutils vulnerability
CVE-2006-2362
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
binutils 2.15-5ubuntu2.3
binutils-dev 2.15-5ubuntu2.3

Ubuntu 5.10:
binutils 2.16.1-2ubuntu6.1
binutils-dev 2.16.1-2ubuntu6.1

Ubuntu 6.06 LTS:
binutils 2.16.1cvs20060117-1ubuntu2.1
binutils-dev 2.16.1cvs20060117-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

CVE-2006-2362

Jesus Olmos Gonzalez discovered a buffer overflow in the Tektronix Hex
Format (TekHex) backend of the BFD library, such as used by the
'strings' utility. By tricking an user or automated system into
processing a specially crafted file with 'strings' or a vulnerable
third-party application using the BFD library, this could be exploited
to crash the application, or possibly even execute arbitrary code with
the privileges of the user.

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5u=
buntu2.3.diff.gz
Size/MD5: 42485 80c80af3cabf28f2d94c8050141c1799
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5u=
buntu2.3.dsc
Size/MD5: 781 3193a91375ca923cd096d67e1baf5f70
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.or=
ig.tar.gz
Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.1=
5-5ubuntu2.3_all.deb
Size/MD5: 434164 afd17f5f5fda5ac8bfb51e5f28d2aabe

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
5-5ubuntu2.3_amd64.deb
Size/MD5: 2839664 45f59cff5b54b4bc490a5d1a19c6edfb
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.15-5ubuntu2.3_amd64.deb
Size/MD5: 8021638 5cff900484834c17832a5e4153d52bea
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5u=
buntu2.3_amd64.deb
Size/MD5: 1368978 5181ad2ba9bc81d3425a40ddd5b7c8b3

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
5-5ubuntu2.3_i386.deb
Size/MD5: 2795808 58a177d7b22d4cac79f4aa0e6fce19d8
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.15-5ubuntu2.3_i386.deb
Size/MD5: 7868360 0421358316d31dd7eed8e6501b513b1f
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5u=
buntu2.3_i386.deb
Size/MD5: 1323786 d0b38cac43404b4ab990cb8c91297a31

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
5-5ubuntu2.3_powerpc.deb
Size/MD5: 3470818 22a23835d8c87e5138f049a1366f8d72
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.15-5ubuntu2.3_powerpc.deb
Size/MD5: 9385376 bc2b248edc473e43e5f6e79c07f16f2b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5u=
buntu2.3_powerpc.deb
Size/MD5: 1464932 4555df0ac5ec08900a699561b18af0ef

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.1.diff.gz
Size/MD5: 40719 cc66e2e40734ba885e2ba5aa2fdfefe8
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.1.dsc
Size/MD5: 892 cab651309c26e9d0836244566c3b531a
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.=
orig.tar.gz
Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.1=
6.1-2ubuntu6.1_all.deb
Size/MD5: 459696 5ee7d462a7ceb5556696786d77bc35c3

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.1_amd64.deb
Size/MD5: 2359248 228b915e78af33a0a55a22d9bc5c0d97
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.1_amd64.deb
Size/MD5: 7202130 40b75a560600b1875856d4fd0269d7a7
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.1_amd64.udeb
Size/MD5: 605800 e8f46421823b202b41d28fa04689faea
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.1_amd64.deb
Size/MD5: 631796 1d81a54c83f2c36a808ab2bbf76847db
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.1_amd64.deb
Size/MD5: 1553476 e33280cc3782d5c49b8e791b853798f7

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.1_i386.deb
Size/MD5: 2219870 4583274706b566f0b793437b0911c38a
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.1_i386.deb
Size/MD5: 6748662 b2410965d5b12bfb90c661ade957f36c
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.1_i386.udeb
Size/MD5: 500856 a47952adc1115e616c9ced5f017b3b01
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.1_i386.deb
Size/MD5: 526550 c5e7b75387de923d1587e16f47a6c2f8
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.1_i386.deb
Size/MD5: 1469762 22f41b9c30f6b5eb5ea65bac4d7181ac

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.1_powerpc.deb
Size/MD5: 2836630 d52475018822448eca341ca8e72aa2a2
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.1_powerpc.deb
Size/MD5: 8204686 fd095eff270a158450a698378748c1de
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.1_powerpc.udeb
Size/MD5: 619146 d28e2c16bf584aa5796182425cc2cb59
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.1_powerpc.deb
Size/MD5: 645000 5c7ed7ef9ce1862bcc423b0a1c8ed482
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.1_powerpc.deb
Size/MD5: 1653150 9306e61c255a357b24eb42a156072e45

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117-1ubuntu2.1.diff.gz
Size/MD5: 109962 b95a8854158a925d13d215178af9e486
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117-1ubuntu2.1.dsc
Size/MD5: 935 37392e8f2fe4d5d5236bc316fe23c6ff
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117.orig.tar.gz
Size/MD5: 15861156 07e4b34aad2c87c8dd1760bf31f07d19

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.1=
6.1cvs20060117-1ubuntu2.1_all.deb
Size/MD5: 472476 6855cfbfad68ff0d65645b496b01f47e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1cvs20060117-1ubuntu2.1_amd64.deb
Size/MD5: 2526846 12fc9c07d960944cc7a84116c2935bca
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1cvs20060117-1ubuntu2.1_amd64.deb
Size/MD5: 7623950 a090a6a8eb5338e56a30b4f487746a5a
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1cvs20060117-1ubuntu2.1_amd64.udeb
Size/MD5: 619416 8330c3d630ad9b92f244025d5f12e9b8
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1cvs20060117-1ubuntu2.1_amd64.deb
Size/MD5: 646188 416a1c716fafbf927962ea1234982b29
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117-1ubuntu2.1_amd64.deb
Size/MD5: 1563528 48102b51587abae5aa01220f03be3eae

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1cvs20060117-1ubuntu2.1_i386.deb
Size/MD5: 2378764 88f5684031a424e739297aeecef1339c
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1cvs20060117-1ubuntu2.1_i386.deb
Size/MD5: 7088902 2312578ed334da7c4b86f505cae6efba
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1cvs20060117-1ubuntu2.1_i386.udeb
Size/MD5: 509156 4e94095ce26b880568592830603fc70c
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1cvs20060117-1ubuntu2.1_i386.deb
Size/MD5: 536126 704f32352d39feaea0fe1634669b43c0
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117-1ubuntu2.1_i386.deb
Size/MD5: 1406670 4499747cec6bb1463f7b85144d59f466

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1cvs20060117-1ubuntu2.1_powerpc.deb
Size/MD5: 3037336 fb0166dc0ae77d7bdd697aef77627ddf
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
Size/MD5: 8637182 ed2cc2d8bb12a76afa57795dce320cdd
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1cvs20060117-1ubuntu2.1_powerpc.udeb
Size/MD5: 633678 01f1fecbd32a6b6b034b8b15426b2f0b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1cvs20060117-1ubuntu2.1_powerpc.deb
Size/MD5: 660370 15875532d9a87a7c4ecf2f861d536f8b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1c=
vs20060117-1ubuntu2.1_powerpc.deb
Size/MD5: 1599984 4d9b62d36d5de26639506e7b1f29bdb8

--+g7M9IMkV8truYOl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEiVGLDecnbV4Fd/IRAq3EAKDJIoIST8phAP/XGR6mVy8bzk0OAQCg778j
5iAxEaW+50Mgptsfo8z7OLw=
=L2gh
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_292_1_binutils_vulnerability.html)