Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-2496-1: GNU binutils vulnerabilities

9 February 2015

Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • binutils - GNU assembler, linker and binary utilities

Details

Michal Zalewski discovered that the setup_group function in libbfd in
GNU binutils did not properly check group headers in ELF files. An
attacker could use this to craft input that could cause a denial
of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8485)

Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function
in libbfd in GNU binutils allowed out-of-bounds writes. An
attacker could use this to craft input that could cause a denial
of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8501)

Hanno Böck discovered a heap-based buffer overflow in the
pe_print_edata function in libbfd in GNU binutils. An attacker
could use this to craft input that could cause a denial of service
(application crash) or possibly execute arbitrary code. (CVE-2014-8502)

Alexander Cherepanov discovered multiple directory traversal
vulnerabilities in GNU binutils. An attacker could use this to craft
input that could delete arbitrary files. (CVE-2014-8737)

Alexander Cherepanov discovered the _bfd_slurp_extended_name_table
function in libbfd in GNU binutils allowed invalid writes when handling
extended name tables in an archive. An attacker could use this to
craft input that could cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2014-8738)

Hanno Böck discovered a stack-based buffer overflow in the ihex_scan
function in libbfd in GNU binutils. An attacker could use this
to craft input that could cause a denial of service (application
crash). (CVE-2014-8503)

Michal Zalewski discovered a stack-based buffer overflow in the
srec_scan function in libbfd in GNU binutils. An attacker could
use this to to craft input that could cause a denial of service
(application crash); the GNU C library's Fortify Source printf
protection should prevent the possibility of executing arbitrary code.
(CVE-2014-8504)

Michal Zalewski discovered that the srec_scan function in libbfd
in GNU binutils allowed out-of-bounds reads. An attacker could
use this to craft input to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04
LTS. (CVE-2014-8484)

Sang Kil Cha discovered multiple integer overflows in the
_objalloc_alloc function and objalloc_alloc macro in binutils. This
could allow an attacker to cause a denial of service (application
crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.
(CVE-2012-3509)

Alexander Cherepanov and Hanno Böck discovered multiple additional
out-of-bounds reads and writes in GNU binutils. An attacker could use
these to craft input that could cause a denial of service (application
crash) or possibly execute arbitrary code. A few of these issues may
be limited in exposure to a denial of service (application abort)
by the GNU C library's Fortify Source printf protection.

The strings(1) utility in GNU binutils used libbfd by default when
examining executable object files; unfortunately, libbfd was not
originally developed with the expectation of hostile input. As
a defensive measure, the behavior of strings has been changed to
default to 'strings --all' behavior, which does not use libbfd; use
the new argument to strings, '--data', to recreate the old behavior.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-3367-1: gdb-doc, gdb64, gdb-multiarch, gdb, gdb-source, gdb-minimal, gdbserver