UbuntuUpdates.org

Package "binutils-i686-kfreebsd-gnu"

Name: binutils-i686-kfreebsd-gnu

Description:

GNU binary utilities, for i686-kfreebsd-gnu target
Latest version: 2.34-6ubuntu1.11
Release: focal (20.04)
Level: updates
Repository: main
Head package: binutils
Homepage: https://www.gnu.org/software/binutils/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "binutils-i686-kfreebsd-gnu"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "binutils-i686-kfreebsd-gnu" in Focal

Repository Area Version
base main 2.34-6ubuntu1
security main 2.34-6ubuntu1.11

Changelog

Version: 2.34-6ubuntu1.11 2025-04-08 02:07:03 UTC

  binutils (2.34-6ubuntu1.11) focal-security; urgency=medium

  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2025-1153.patch: introduces new variant of einfo
      called 'fatal' that always exits in ld/*.
    - CVE-2025-1153
  * SECURITY UPDATE: Heap based buffer overflow
    - debian/patches/CVE-2025-1176.patch: prevent illegal memory access
      when indexing into the sym_hashes array in bfd/elflink.c.
    - CVE-2025-1176
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2025-1182.patch: fix illegal memory access
      triggered by corrupt ELF input files in bfd/elflink.c.
    - CVE-2025-1182

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 31 Mar 2025 07:16:19 -0300
Source diff to previous version
CVE-2025-1153 A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the f
CVE-2025-1176 A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.
CVE-2025-1182 A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the fil

Version: 2.34-6ubuntu1.10 2025-02-26 21:06:50 UTC

  binutils (2.34-6ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: Stack-based overflow
    - debian/patches/CVE-2025-0840.patch: fixing boundaries
      checking in binutils/objdump.c.
    - CVE-2025-0840

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 06 Feb 2025 13:09:05 -0300
Source diff to previous version
CVE-2025-0840 A vulnerability, which was classified as problematic, was found in GNU ...

Version: 2.34-6ubuntu1.9 2024-02-26 15:07:02 UTC

  binutils (2.34-6ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in objdump.c compare_symbols
    - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude
      section and synthetic symbols before attempting to check flavour
      (compare_symbols).
    - CVE-2022-47695
  * SECURITY UPDATE: excessive memory allocation in objdump.c
    - debian/patches/CVE-2022-48063.patch: check that the amount of memory to
      be allocated matches the size of the section
      (load_specific_debug_section).
    - CVE-2022-48063
  * SECURITY UPDATE: Memory leak in find_abstract_instance in dwarf2.c
    - debian/patches/CVE-2022-48065.patch: remove memory leaks due to double
      allocation of the name variable, and free memory before re-assigning a
      new naming variable
    - CVE-2022-48065

 -- Nick Galanis <email address hidden> Tue, 23 Jan 2024 10:47:04 +0000
Source diff to previous version
CVE-2022-47695 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_ma
CVE-2022-48063 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2
CVE-2022-48065 GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

Version: 2.34-6ubuntu1.8 2024-01-15 16:07:01 UTC

  binutils (2.34-6ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
      and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
      pool, rather than indirectly from index entries (process_cu_tu_index).
    - CVE-2022-44840
  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
      element counts, not word counts (display_gdb_index).
    - debian/patches/CVE-2022-45703-1.patch: typo fix.
    - CVE-2022-45703
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47007.patch: free dt on failure path
      (stab_demangle_v3_arg).
    - CVE-2022-47007
  * SECURITY UPDATE: memory leak in bucomm.c
    - debian/patches/CVE-2022-47008.patch: free template on all failure paths
      (make_tempdir, make_tempname).
    - CVE-2022-47008
  * SECURITY UPDATE: memory leak in prdbg.c
    - debian/patches/CVE-2022-47010.patch: free "s" on failure path
      (pr_function_type).
    - CVE-2022-47010
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
      (parse_stab_struct_fields).
    - CVE-2022-47011

 -- Nick Galanis <email address hidden> Tue, 02 Jan 2024 17:48:50 +0200
Source diff to previous version
CVE-2022-44840 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-45703 Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
CVE-2022-47007 An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to mem
CVE-2022-47008 An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of servic
CVE-2022-47010 An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory
CVE-2022-47011 An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to

Version: 2.34-6ubuntu1.7 2023-12-11 16:09:32 UTC

  binutils (2.34-6ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in libbfd.c
    - debian/patches/CVE-2020-19726-1.patch: check that buffer contains
      required number of auxents before processing any auxent (coffgen.c) and
      only swap in extended file name from auxents for PE (coffswap.h).
    - debian/patches/CVE-2020-19726-2.patch: fix off-by-one error in check for
      aux entries that overflow the buffer (coff_get_normalized_symtab,
      coffgen.c).
    - CVE-2020-19726

  * SECURITY UPDATE: heap buffer overflow in rddbg.c
    - debian/patches/CVE-2021-46174.patch: don't read past end of section when
      concatenating stab strings (read_section_stabs_debugging_info).
    - CVE-2021-46174

  * SECURITY UPDATE: reachable assertion failure in dwarf.c
    - debian/patches/CVE-2022-35205.patch: replace assert with a warning
      message (display_debug_names).
    - CVE-2022-35205

 -- Nick Galanis <email address hidden> Thu, 30 Nov 2023 10:16:08 +0000
CVE-2020-19726 An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a
CVE-2021-46174 Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
CVE-2022-35205 An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial o


About   -   Send Feedback to @ubuntu_updates