UbuntuUpdates.org

Package "binutils-dev"

Name: binutils-dev

Description:

GNU binary utilities (BFD development files)

Latest version: 2.30-21ubuntu1~18.04.9
Release: bionic (18.04)
Level: security
Repository: main
Head package: binutils
Homepage: https://www.gnu.org/software/binutils/

Other versions of "binutils-dev" in Bionic

Repository Area Version
base main 2.30-15ubuntu1
updates main 2.30-21ubuntu1~18.04.9

Changelog

Version: 2.30-21ubuntu1~18.04.3 2020-04-22 13:06:34 UTC

  binutils (2.30-21ubuntu1~18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via a large attribute section
    - debian/patches/CVE-2018-8945.patch: prevent a memory exhaustion
      failure when running objdump on a fuzzed input file with corrupt
      string and attribute sections.
    - CVE-2018-8945
    - CVE-2018-13033
  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recursion and add
      --no-recurse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-12699
    - CVE-2018-12700
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: denial of service via crafted binary file
    - debian/patches/CVE-2018-10372.patch: fix illegal memory access when
      parsing corrupt DWARF information.
    - CVE-2018-10372
  * SECURITY UPDATE: denial of service via crafted binary file
    - debian/patches/CVE-2018-10373.patch: add a check for a NULL table
      pointer before attempting to compute a DWARF filename.
    - CVE-2018-10373
  * SECURITY UPDATE: out-of-bounds memory write
    - debian/patches/CVE-2018-10534.patch: fix an illegal memory access
      when copying a PE format file with corrupt debug information.
    - CVE-2018-10534
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2018-10535.patch: fix an illegal memory access
      when trying to copy an ELF binary with corrupt section symbols.
    - CVE-2018-10535
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - debian/patches/CVE-2018-12934-2.patch: remove support for old gnu v2
      name mangling.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: denial of service via crafted ELF file
    - debian/patches/CVE-2018-1735x.patch: fix two segment faults in nm.
    - CVE-2018-17358
    - CVE-2018-17359
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2018-17360.patch: fix buffer overflow.
    - CVE-2018-17360
  * SECURITY UPDATE: DoS via invalid memory address
    - debian/patches/CVE-2018-18309.patch: add _bfd_clear_contents bounds
      checking.
    - CVE-2018-18309
  * SECURITY UPDATE: DoS via heap-based buffer over-read
    - debian/patches/CVE-2018-18605.patch: fix buffer overflow in
      sec_merge_hash_lookup.
    - CVE-2018-18605
  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2018-18606.patch: fix NULL pointer dereference in
      merge_strings.
    - CVE-2018-18606
  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2018-18607.patch: fix NULL pointer dereference in
      elf_link_input_bfd.
    - CVE-2018-18607
  * SECURITY UPDATE: heap-based buffer overflow in bfd_elf32_swap_phdr_in
    - debian/patches/CVE-2018-19931.patch: Fix a memory exhaustion bug when
      attempting to allocate room for an impossible number of program
      headers.
    - CVE-2018-19931
  * SECURITY UPDATE: integer overflow and infinite loop
    - debian/patches/CVE-2018-19932.patch: remove an abort in the bfd
      library and add a check for an integer overflow when mapping sections
      to segments.
    - CVE-2018-19932
  * SECURITY UPDATE: memory leak via crafted ELF file
    - debian/patches/CVE-2018-20002.patch: fix memory leak in
      _bfd_generic_read_minisymbols.
    - CVE-2018-20002
  * SECURITY UPDATE: use-after-free in error function
    - debian/patches/CVE-2018-20623.patch: fix a heap use after free memory
      access fault when displaying error messages about malformed archives.
    - CVE-2018-20623
  * SECURITY UPDATE: NULL pointer deref in elf_link_add_object_symbols
    - debian/patches/CVE-2018-20651.patch: fix Invalid Memory Address
      Dereference in elf_link_add_object_symbols.
    - CVE-2018-20651
  * SECURITY UPDATE: heap-based buffer overflow via a crafted section size
    - debian/patches/CVE-2018-20671.patch: fix a possible integer overflow
      problem when examining corrupt binaries using a 32-bit binutil.
    - CVE-2018-20671
  * SECURITY UPDATE: code exec via integer overflow triggered heap overflow
    - debian/patches/CVE-2018-1000876.patch: detect long overflows.
    - CVE-2018-1000876
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: excessive memory allocation
    - debian/patches/CVE-2019-9073.patch: check for incomplete data.
    - CVE-2019-9073
  * SECURITY UPDATE: out-of-bounds read leading to a SEGV
    - debian/patches/CVE-2019-9074.patch: correct checks attempting to
      prevent read past end of section.
    - CVE-2019-9074
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-9075.patch: fix heap buffer overflow in
      _bfd_archive_64_bit_slurp_armap.
    - CVE-2019-9075
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-9077.patch: fix an illegal memory access fault
      when parsing a corrupt MIPS option section using readelf.
    - CVE-2019-9077
  * SECURITY UPDATE: heap-based buffer over-read in _bfd_doprnt
    - debian/patches/CVE-2019-12972.patch: fix string table corruption.
    - CVE-2019-12972
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250
  * SECURITY UPDATE: write access violation via ELF file
    - debian/patches/CVE-2019-14444.patch: catch potential integer overflow
      in readelf when processing corrupt binaries.
    - CVE-2019-14444
  * S

CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows rem
CVE-2018-13033 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (exc
CVE-2018-9138 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
CVE-2018-12641 An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling
CVE-2018-12697 A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
CVE-2018-12698 demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
CVE-2018-12699 finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified o
CVE-2018-12700 A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-17794 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_
CVE-2018-17985 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cp
CVE-2018-18484 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functio
CVE-2018-18700 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting
CVE-2018-18701 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting
CVE-2018-10372 process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application
CVE-2018-10373 concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
CVE-2018-10534 The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU B
CVE-2018-10535 The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not vali
CVE-2018-12934 remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OO
CVE-2018-18483 The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (ma
CVE-2018-1735 RESERVED
CVE-2018-17358 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exist
CVE-2018-17359 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exist
CVE-2018-17360 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read
CVE-2018-18309 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dere
CVE-2018-18605 A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka
CVE-2018-18606 An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binu
CVE-2018-18607 An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2
CVE-2018-19931 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based
CVE-2018-19932 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer ov
CVE-2018-20002 The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, h
CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a
CVE-2018-20651 A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as di
CVE-2018-20671 load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buff
CVE-2018-1000876 binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_re
CVE-2019-9070 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
CVE-2019-9071 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-dema
CVE-2019-9073 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive m
CVE-2019-9074 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read le
CVE-2019-9075 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer over
CVE-2019-9077 An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option se
CVE-2019-12972 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer o
CVE-2019-14250 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a ze
CVE-2019-14444 apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_p
CVE-2019-17450 find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attac
CVE-2019-17451 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow lead

Version: 2.30-21ubuntu1~18.04.2 2019-06-13 14:07:04 UTC

  binutils (2.30-21ubuntu1~18.04.2) bionic; urgency=medium

  * No-change rebuild strictly against -security only (LP: #1828171).

 -- Łukasz 'sil2100' Zemczak <email address hidden> Wed, 08 May 2019 10:14:07 +0200


Version: 2.30-20ubuntu2~18.04 2018-06-07 08:07:23 UTC

  binutils (2.30-20ubuntu2~18.04) bionic-security; urgency=medium

  * Combined security update / SRU: LP: #1771635, LP: #1769657.

1771635 SRU: update binutils for bionic


