Security: Multiple issues in GNU binutils
Name: Multiple issues in GNU binutils
ID: USN-6381-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Date: Mon, 18 September 2023, 22:42
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44840
https://ubuntu.com/security/notices/USN-6381-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21490
Applications: binutils

Original message

From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <12bb0b75-282e-8d3f-ed70-15be1fbdfedc@canonical.com>
Subject: [USN-6381-1] GNU binutils vulnerabilities
References: <20230918185316.ABFFE40098@people.canonical.com>
In-Reply-To: <20230918185316.ABFFE40098@people.canonical.com>


==========================================================================
Ubuntu Security Notice USN-6381-1
September 18, 2023

binutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in GNU binutils.

Software Description:
- binutils: GNU assembler, linker and binary utilities

Details:

It was discovered that a memory leak existed in certain GNU binutils
modules. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490)

It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2020-19726, CVE-2021-46174, CVE-2022-45703)

It was discovered that GNU binutils was not properly initializing heap
memory when processing certain print instructions. An attacker could
possibly use this issue to expose sensitive information. (CVE-2020-35342)

It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to a
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-44840)

It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to
an invalid memory access. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-47695)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
binutils 2.30-21ubuntu1~18.04.9+esm1
binutils-multiarch 2.30-21ubuntu1~18.04.9+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
binutils 2.26.1-1ubuntu1~16.04.8+esm7
binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm7

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
binutils 2.24-5ubuntu14.2+esm3
binutils-multiarch 2.24-5ubuntu14.2+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6381-1
CVE-2020-19724, CVE-2020-19726, CVE-2020-21490, CVE-2020-35342,
CVE-2021-46174, CVE-2022-44840, CVE-2022-45703, CVE-2022-47695
