Ubuntu 2496-1: GNU binutils vulnerabilities

    Date09 Feb 2015
    60
    Posted ByLinuxSecurity Advisories
    Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file.
    ==========================================================================
    Ubuntu Security Notice USN-2496-1
    February 09, 2015
    
    binutils vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 14.10
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    - Ubuntu 10.04 LTS
    
    Summary:
    
    Applications from GNU binutils could be made to crash, run programs,
    or delete arbitrary files as your login if they opened a specially
    crafted file.
    
    Software Description:
    - binutils: GNU assembler, linker and binary utilities
    
    Details:
    
    Michal Zalewski discovered that the setup_group function in libbfd in
    GNU binutils did not properly check group headers in ELF files. An
    attacker could use this to craft input that could cause a denial
    of service (application crash) or possibly execute arbitrary code.
    (CVE-2014-8485)
    
    Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function
    in libbfd in GNU binutils allowed out-of-bounds writes. An
    attacker could use this to craft input that could cause a denial
    of service (application crash) or possibly execute arbitrary code.
    (CVE-2014-8501)
    
    Hanno Böck discovered a heap-based buffer overflow in the
    pe_print_edata function in libbfd in GNU binutils. An attacker
    could use this to craft input that could cause a denial of service
    (application crash) or possibly execute arbitrary code. (CVE-2014-8502)
    
    Alexander Cherepanov discovered multiple directory traversal
    vulnerabilities in GNU binutils. An attacker could use this to craft
    input that could delete arbitrary files. (CVE-2014-8737)
    
    Alexander Cherepanov discovered the _bfd_slurp_extended_name_table
    function in libbfd in GNU binutils allowed invalid writes when handling
    extended name tables in an archive. An attacker could use this to
    craft input that could cause a denial of service (application crash)
    or possibly execute arbitrary code. (CVE-2014-8738)
    
    Hanno Böck discovered a stack-based buffer overflow in the ihex_scan
    function in libbfd in GNU binutils. An attacker could use this
    to craft input that could cause a denial of service (application
    crash). (CVE-2014-8503)
    
    Michal Zalewski discovered a stack-based buffer overflow in the
    srec_scan function in libbfd in GNU binutils. An attacker could
    use this to to craft input that could cause a denial of service
    (application crash); the GNU C library's Fortify Source printf
    protection should prevent the possibility of executing arbitrary code.
    (CVE-2014-8504)
    
    Michal Zalewski discovered that the srec_scan function in libbfd
    in GNU binutils allowed out-of-bounds reads. An attacker could
    use this to craft input to cause a denial of service. This issue
    only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04
    LTS. (CVE-2014-8484)
    
    Sang Kil Cha discovered multiple integer overflows in the
    _objalloc_alloc function and objalloc_alloc macro in binutils. This
    could allow an attacker to cause a denial of service (application
    crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.
    (CVE-2012-3509)
    
    Alexander Cherepanov and Hanno Böck discovered multiple additional
    out-of-bounds reads and writes in GNU binutils. An attacker could use
    these to craft input that could cause a denial of service (application
    crash) or possibly execute arbitrary code. A few of these issues may
    be limited in exposure to a denial of service (application abort)
    by the GNU C library's Fortify Source printf protection.
    
    The strings(1) utility in GNU binutils used libbfd by default when
    examining executable object files; unfortunately, libbfd was not
    originally developed with the expectation of hostile input. As
    a defensive measure, the behavior of strings has been changed to
    default to 'strings --all' behavior, which does not use libbfd; use
    the new argument to strings, '--data', to recreate the old behavior.
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 14.10:
      binutils                        2.24.90.20141014-0ubuntu3.1
      binutils-multiarch              2.24.90.20141014-0ubuntu3.1
    
    Ubuntu 14.04 LTS:
      binutils                        2.24-5ubuntu3.1
      binutils-multiarch              2.24-5ubuntu3.1
    
    Ubuntu 12.04 LTS:
      binutils                        2.22-6ubuntu1.2
      binutils-multiarch              2.22-6ubuntu1.2
    
    Ubuntu 10.04 LTS:
      binutils                        2.20.1-3ubuntu7.2
      binutils-multiarch              2.20.1-3ubuntu7.2
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      https://www.ubuntu.com/usn/usn-2496-1
      CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501,
      CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737,
      CVE-2014-8738
    
    Package Information:
      https://launchpad.net/ubuntu/+source/binutils/2.24.90.20141014-0ubuntu3.1
      https://launchpad.net/ubuntu/+source/binutils/2.24-5ubuntu3.1
      https://launchpad.net/ubuntu/+source/binutils/2.22-6ubuntu1.2
      https://launchpad.net/ubuntu/+source/binutils/2.20.1-3ubuntu7.2
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"53","type":"x","order":"1","pct":86.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"6","type":"x","order":"2","pct":9.84,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.28,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.