Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in binutils
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in binutils
ID: MDKSA-2006:153
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva 2006.0
Datum: Di, 29. August 2006, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
Applikationen: binutils

Originalnachricht

This is a multi-part message in MIME format...

------------=_1156828807-23892-157


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:153
http://www.mandriva.com/security/
_______________________________________________________________________

Package : binutils
Date : August 28, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A stack-based buffer overflow in messages.c in the GNU as (gas)
assembler in Free Software Foundation GNU Binutils before 20050721
allows attackers to execute arbitrary code via a .c file with crafted
inline assembly code (CVE-2005-4807).

Buffer overflow in getsym in tekhex.c in libbfd in Free Software
Foundation GNU Binutils before 20060423, as used by GNU strings, allows
context-dependent attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a file with a crafted
Tektronix Hex Format (TekHex?) record in which the length character is
not a valid hexadecimal character (CVE-2006-2362).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
a514aef8f0aae8017c36c6373c546f1f
2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
608c036f1cf3604f70254d834a1be68c
2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
3b215ae344eecd901ac81bc72d313dbb
2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
cd7e83cac0c468d104c10b402bb21a53
2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
e52fa90704f954868c4619119e8e833d
x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
1117083b22061902fe40d87c1d7b9c22
x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
6ff27559c550109d9843e034181a0fa4
x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
cd7e83cac0c468d104c10b402bb21a53
x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

Corporate 3.0:
84f8aea5d202ba206ca31871047d8a5f
corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
d72ede02c6410aad9ec98bfc931f2b2b
corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
647d07675b4eabfa2cfe8933342cf46d
corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
a0f5c767dcb258960cb0b9004e6f73d3
corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
54d559b890d485b7979446499b8dad5a
x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
35f8cf549a5a8222e933b150775efdee
x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
0df49c77c9bf02a1b3686387580ad7e3
x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
a0f5c767dcb258960cb0b9004e6f73d3
x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----


------------=_1156828807-23892-157
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1156828807-23892-157--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung