USN-366-1: binutils vulnerability
Posted on: 10/19/2006 12:00 AM

A new binutils vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-366-1 October 18, 2006
binutils vulnerability
CVE-2005-4808
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
binutils 2.16.1-2ubuntu6.3
binutils-static 2.16.1-2ubuntu6.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in gas (the GNU assembler). By
tricking an user or automated system (like a compile farm) into
assembling a specially crafted source file with gcc or gas, this could
be exploited to execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3.diff.gz
Size/MD5: 41663 eb868bd74f535df57afe1cdf6630f5f7
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3.dsc
Size/MD5: 892 2959647799b6a665bea62066279e2ce7
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.=
orig.tar.gz
Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.1=
6.1-2ubuntu6.3_all.deb
Size/MD5: 459922 3007ff36ccf1f20d02c92684e74862bd

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.3_amd64.deb
Size/MD5: 2359216 db2762f982b4a9251f3a9420960c5837
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.3_amd64.deb
Size/MD5: 7202118 66c145b29ecba13265c90ff14eee743d
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.3_amd64.udeb
Size/MD5: 605798 7e84c6ae5c9283b6bbc2519dc5ea045b
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.3_amd64.deb
Size/MD5: 632032 95ab22250e577fbfc3a7a93b15ca12e4
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3_amd64.deb
Size/MD5: 1553768 3bb85a70948df7436f59fa69746281d7

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.3_i386.deb
Size/MD5: 2219910 7eeebf4b5fd5df9887c7e782375f37c2
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.3_i386.deb
Size/MD5: 6748598 f31d91f437947a96c39cc638c7204bcb
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.3_i386.udeb
Size/MD5: 500860 340069f8b292df6cadd2f3b6919ce332
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.3_i386.deb
Size/MD5: 526798 447e3be6be74c1cc6b3210255965c5dd
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3_i386.deb
Size/MD5: 1470052 efc870689b6d3fd90b9a078670498a5b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.3_powerpc.deb
Size/MD5: 2836604 a70cc1fb92e14aa2ba3d141854fef344
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.3_powerpc.deb
Size/MD5: 8204624 6503f8145c38f0e009236c9625d19538
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.3_powerpc.udeb
Size/MD5: 619148 1beb63b658036d46ae917bd41d7fd2b6
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.3_powerpc.deb
Size/MD5: 645238 cfe70541d367b7e8345362c10085496f
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3_powerpc.deb
Size/MD5: 1653200 dd230b6a61934185aaf084921a1b4df0

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.1=
6.1-2ubuntu6.3_sparc.deb
Size/MD5: 2198844 f1f90a2b1bdc569ee85c467e79a99bd1
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mul=
tiarch_2.16.1-2ubuntu6.3_sparc.deb
Size/MD5: 7109028 649c2e8ecd95081d61e8f232dc1c7135
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-=
udeb_2.16.1-2ubuntu6.3_sparc.udeb
Size/MD5: 622592 254e2d9f860f0cd7c7d316a6d0338aa3
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_=
2.16.1-2ubuntu6.3_sparc.deb
Size/MD5: 648510 6aac4122fa6848e2dfd5754da7100a76
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-=
2ubuntu6.3_sparc.deb
Size/MD5: 1494012 aa172404df517bbdef896cffa6bfb59b


--oDto3OTLsk6uOlQH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFNpN/H/9LqRcGPm0RAkFlAJ9jFagtu69hYIo9Xp4AiFTdjTcaCgCfc7aI
U2msGVtEnayzQbpxiqtTj7Q=
=f3nW
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_366_1_binutils_vulnerability.html)