Login
Newsletter
Werbung
Sicherheit: Pufferüberläufe in binutils
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in binutils
ID: MDKSA-2006:153
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva 2006.0
Datum: Di, 29. August 2006, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
Applikationen: binutils

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1156828807-23892-157


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:153
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : binutils
 Date    : August 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow in messages.c in the GNU as (gas)
 assembler in Free Software Foundation GNU Binutils before 20050721 
 allows attackers to execute arbitrary code via a .c file with crafted
 inline assembly code (CVE-2005-4807).
 
 Buffer overflow in getsym in tekhex.c in libbfd in Free Software
 Foundation GNU Binutils before 20060423, as used by GNU strings, allows
 context-dependent attackers to cause a denial of service (application
 crash) and possibly execute arbitrary code via a file with a crafted
 Tektronix Hex Format (TekHex?) record in which the length character is
 not a valid hexadecimal character (CVE-2006-2362).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a514aef8f0aae8017c36c6373c546f1f 
 2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
 608c036f1cf3604f70254d834a1be68c 
 2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
 3b215ae344eecd901ac81bc72d313dbb 
 2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
 cd7e83cac0c468d104c10b402bb21a53 
 2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 e52fa90704f954868c4619119e8e833d 
 x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 1117083b22061902fe40d87c1d7b9c22 
 x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 6ff27559c550109d9843e034181a0fa4 
 x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 cd7e83cac0c468d104c10b402bb21a53 
 x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Corporate 3.0:
 84f8aea5d202ba206ca31871047d8a5f 
 corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
 d72ede02c6410aad9ec98bfc931f2b2b 
 corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
 647d07675b4eabfa2cfe8933342cf46d 
 corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
 a0f5c767dcb258960cb0b9004e6f73d3 
 corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 54d559b890d485b7979446499b8dad5a 
 x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 35f8cf549a5a8222e933b150775efdee 
 x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 0df49c77c9bf02a1b3686387580ad7e3 
 x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 a0f5c767dcb258960cb0b9004e6f73d3 
 x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----


------------=_1156828807-23892-157
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1156828807-23892-157--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung