UbuntuUpdates.org

Package "binutils-source"

Name: binutils-source

Description:

GNU assembler, linker and binary utilities (source)

Latest version: 2.22-6ubuntu1.4
Release: precise (12.04)
Level: security
Repository: universe
Head package: binutils


Other versions of "binutils-source" in Precise

Repository Area Version
base universe 2.22-6ubuntu1
updates universe 2.22-6ubuntu1.4

Changelog

Version: 2.22-6ubuntu1.4 2016-06-06 16:06:25 UTC

  binutils (2.22-6ubuntu1.4) precise-security; urgency=medium

  * debian/patches/binutils-bz17512-misc.patch: fix segfault
    in objcopy on i386 to compensate for missing commit
    e7ebb214834628b2b0d9d3233febc9fef2912515 to address
    sbsigntool FTBFS (LP: #1477350)

 -- Steve Beattie <email address hidden> Wed, 01 Jun 2016 00:48:14 -0700

1477350 Regression building sbsigntool with binutils >= 2.22-6ubuntu1.2 in precise

Version: 2.22-6ubuntu1.2 2015-02-10 21:07:26 UTC

  binutils (2.22-6ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in objalloc_alloc
    - debian/patches/binutils-CVE-2012-3509.patch: Add overflow check
      covering alignment and CHUNK_HEADER_SIZE addition.
    - CVE-2012-3509
  * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c
    - debian/patches/binutils-CVE-2014-8484.patch: report an error
      for S-records with less than the minimum size
    - CVE-2014-8484
  * SECURITY UPDATE: incorrect memory handling around corrupt group
    section headers
    - debian/patches/binutils-CVE-2014-8485.patch: Improve handling
      of corrupt group sections
    - CVE-2014-8485
  * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
    - debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
      binaries with an invalid value for NumberOfRvaAndSizes.
    - CVE-2014-8501
  * SECURITY UPDATE: pe_print_edata buffer overflow
    - debian/patches/binutils-CVE-2014-8502.patch: Detect out of
      range and truncated rvas or entry counts
    - CVE-2014-8502
  * SECURITY UPDATE: ihex_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
      invocation of ihex_bad_byte.
    - CVE-2014-8503
  * SECURITY UPDATE: srec_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
    - CVE-2014-8504
  * SECURITY UPDATE: directory traversal vulnerabilities
    - debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
      include ../
    - CVE-2014-8737
  * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
    - debian/patches/binutils-CVE-2014-8738.patch: Handle archives
      with corrupt extended name tables.
    - CVE-2014-8738
  * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
    reads and writes
    - debian/patches/binutils-bz17512_prereqs.patch: cherrypicked
      prerequisite commits needed to apply following patch
    - debian/patches/binutils-bz17512-misc.patch: fix invalid memory
      accesses.
  * Security hardening: don't use libbfd by default in strings(1)
    - debian/patches/binutils-harden_strings.patch: Add new command
      line option --data to only scan the initialized, loadable data
      sections of binaries, using libbfd; make --all the default.
 -- Steve Beattie <email address hidden> Mon, 09 Feb 2015 02:11:51 -0800

CVE-2012-3509 Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as
CVE-2014-8484 The srec_scan function in bfd/srec.c in libbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read)
CVE-2014-8485 The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and pos
CVE-2014-8501 The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of
CVE-2014-8502 Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denia
CVE-2014-8503 Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of ser
CVE-2014-8504 Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of ser
CVE-2014-8737 Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full
CVE-2014-8738 The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (i

Version: 2.22-6ubuntu1.1 2013-06-27 22:06:43 UTC

  binutils (2.22-6ubuntu1.1) precise-security; urgency=low

  * Backport gold patch to use PIC stubs in all position independent objects,
    so that we can have a functioning build of Chromium on armhf
    - add debian/patches/213-gold-arm-pie-fix.patch
    - update debian/patches/series
 -- Chris Coulson <email address hidden> Thu, 21 Feb 2013 17:06:02 +0000



