Several security issues were fixed in GNU binutils.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:
It was discovered that a memory leak existed in certain GNU binutils
modules. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490)
It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2020-19726, CVE-2021-46174, CVE-2022-45703)
It was discovered that GNU binutils was not properly initializing heap
memory when processing certain print instructions. An attacker could
possibly use this issue to expose sensitive information. (CVE-2020-35342)
It was discovered that GNU binutils was not properly handling the logic
behind certain memory ma...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): binutils 2.30-21ubuntu1~18.04.9+esm1 binutils-multiarch 2.30-21ubuntu1~18.04.9+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): binutils 2.26.1-1ubuntu1~16.04.8+esm7 binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm7 Ubuntu 14.04 LTS (Available with Ubuntu Pro): binutils 2.24-5ubuntu14.2+esm3 binutils-multiarch 2.24-5ubuntu14.2+esm3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6381-1
CVE-2020-19724, CVE-2020-19726, CVE-2020-21490, CVE-2020-35342,
CVE-2021-46174, CVE-2022-44840, CVE-2022-45703, CVE-2022-47695
Get the latest Linux and open source security news straight to your inbox.