Package "binutils-common"
Name: binutils-common
Description: Common files for the GNU assembler, linker and binary utilities
Latest version: 2.34-6ubuntu1.9
Release: focal (20.04)
Level: security
Repository: main
Head package: binutils
Homepage: https://www.gnu.org/software/binutils/
Changelog
binutils (2.34-6ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in objdump.c compare_symbols
    - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude
      section and synthetic symbols before attempting to check flavour
      (compare_symbols).
    - CVE-2022-47695
  * SECURITY UPDATE: excessive memory allocation in objdump.c
    - debian/patches/CVE-2022-48063.patch: check that the amount of memory to
      be allocated matches the size of the section
      (load_specific_debug_section).
    - CVE-2022-48063
  * SECURITY UPDATE: Memory leak in find_abstract_instance in dwarf2.c
    - debian/patches/CVE-2022-48065.patch: remove memory leaks due to double
      allocation of the name variable, and free memory before re-assigning a
      new naming variable
    - CVE-2022-48065

 -- Nick Galanis <email address hidden> Tue, 23 Jan 2024 10:47:04 +0000
CVE-2022-47695: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_ma
CVE-2022-48063: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2
CVE-2022-48065: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

binutils (2.34-6ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
      and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
      pool, rather than indirectly from index entries (process_cu_tu_index).
    - CVE-2022-44840
  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
      element counts, not word counts (display_gdb_index).
    - debian/patches/CVE-2022-45703-1.patch: typo fix.
    - CVE-2022-45703
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47007.patch: free dt on failure path
      (stab_demangle_v3_arg).
    - CVE-2022-47007
  * SECURITY UPDATE: memory leak in bucomm.c
    - debian/patches/CVE-2022-47008.patch: free template on all failure paths
      (make_tempdir, make_tempname).
    - CVE-2022-47008
  * SECURITY UPDATE: memory leak in prdbg.c
    - debian/patches/CVE-2022-47010.patch: free "s" on failure path
      (pr_function_type).
    - CVE-2022-47010
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
      (parse_stab_struct_fields).
    - CVE-2022-47011

 -- Nick Galanis <email address hidden> Tue, 02 Jan 2024 17:48:50 +0200
CVE-2022-44840: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-45703: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVE-2022-47007: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to mem
CVE-2022-47008: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of servic
CVE-2022-47010: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory
CVE-2022-47011: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to

binutils (2.34-6ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in libbfd.c
    - debian/patches/CVE-2020-19726-1.patch: check that buffer contains
      required number of auxents before processing any auxent (coffgen.c) and
      only swap in extended file name from auxents for PE (coffswap.h).
    - debian/patches/CVE-2020-19726-2.patch: fix off-by-one error in check for
      aux entries that overflow the buffer (coff_get_normalized_symtab,
      coffgen.c).
    - CVE-2020-19726
  * SECURITY UPDATE: heap buffer overflow in rddbg.c
    - debian/patches/CVE-2021-46174.patch: don't read past end of section when
      concatenating stab strings (read_section_stabs_debugging_info).
    - CVE-2021-46174
  * SECURITY UPDATE: reachable assertion failure in dwarf.c
    - debian/patches/CVE-2022-35205.patch: replace assert with a warning
      message (display_debug_names).
    - CVE-2022-35205

 -- Nick Galanis <email address hidden> Thu, 30 Nov 2023 10:16:08 +0000
CVE-2020-19726: An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a
CVE-2021-46174: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CVE-2022-35205: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial o

binutils (2.34-6ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: possible denial of service via heap overflow
    - debian/patches/CVE-2021-45078.patch: fix bounds checking in
      binutils/stabs.c.
    - CVE-2021-45078

 -- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 09:53:18 -0400
CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibl

binutils (2.34-6ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
      vms-alpha.c parse_module
    - CVE-2023-25584
  * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
    - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
      file_table
    - CVE-2023-25585
  * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
    - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
      uninitialised
    - CVE-2023-25588

 -- Nishit Majithia <email address hidden> Mon, 22 May 2023 08:11:49 +0530