Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Ubuntu 16.04 ESM USN-5341-1 Critical: Binutils Memory Issues Threat

ubuntu
Calendar Grey March 22, 2022
Dist Ubuntu Esm H88
Ubuntu has issued an important update addressing vulnerabilities in GNU binutils linked to memory allocation issues that may cause denial of service. This patch enhances system security and stability, protecting users from potential exploitation. To apply this update, users should run standard upgrade commands in the terminal and check for the new package installation. Staying aware of such vulnerabilities is vital, as they can impact system performance. Regular updates are key to a secure environment.
Several security issues were fixed in GNU binutils.

Summary

Several security issues were fixed in GNU binutils.

Software Description:

- binutils: GNU assembler, linker and binary utilities

Details:

It was discovered that GNU binutils incorrectly handled checks for memory

allocation when parsing relocs in a corrupt file. An attacker could possibly

use this issue to cause a denial of service. (CVE-2017-17122)

It was discovered that GNU binutils incorrectly handled certain corrupt

DWARF

debug sections. An attacker could possibly use this issue to cause GNU

binutils to consume memory, resulting in a denial of service.

(CVE-2021-3487)

It was discovered that GNU binutils incorrectly performed bounds checking

operations when parsing stabs debugging information. An attacker could

possibly use this issue to cause a denial of service or execute arbitrary

code. (CVE-2021-45078)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
binutils 2.26.1-1ubuntu1~16.04.8+esm3
binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5341-1

CVE-2017-17122, CVE-2021-3487, CVE-2021-45078

Severity
critical
Lowest
Low
Medium
High
Critical

March 22, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.