Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in GNU binutils
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GNU binutils
ID: USN-6101-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, Ubuntu 23.04, Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Datum: Mi, 24. Mai 2023, 23:21
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25588
Applikationen: binutils

Originalnachricht

 

--===============2117606872147292698==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="qjj7kkjgcaqo4kzi"
Content-Disposition: inline


--qjj7kkjgcaqo4kzi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-6101-1
May 24, 2023

binutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in GNU binutils.

Software Description:
- binutils: GNU assembler, linker and binary utilities

Details:

It was discovered that GNU binutils incorrectly handled certain DWARF
files. An attacker could possibly use this issue to cause a crash or
execute arbitrary code. This issue only affected Ubuntu 22.10.
(CVE-2023-1579)

It was discovered that GNU binutils did not properly verify the version
definitions in zer0-lengthverdef table. An attacker could possibly use this
issue to cause a crash or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-1972)

It was discovered that GNU binutils did not properly validate the size of
length parameter in vms-alpha. An attacker could possibly use this issue to
cause a crash or access sensitive information. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2023-25584)

It was discovered that GNU binutils did not properly initialized the
file_table field of struct module and the_bfd field of asymbol. An attacker
could possibly use this issue to cause a crash. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-25585, CVE-2023-25586)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  binutils                        2.40-2ubuntu4.1
  binutils-multiarch              2.40-2ubuntu4.1

Ubuntu 22.10:
  binutils                        2.39-3ubuntu1.2
  binutils-multiarch              2.39-3ubuntu1.2

Ubuntu 22.04 LTS:
  binutils                        2.38-4ubuntu2.2
  binutils-multiarch              2.38-4ubuntu2.2

Ubuntu 20.04 LTS:
  binutils                        2.34-6ubuntu1.5
  binutils-multiarch              2.34-6ubuntu1.5

Ubuntu 18.04 LTS:
  binutils                        2.30-21ubuntu1~18.04.9
  binutils-multiarch              2.30-21ubuntu1~18.04.9

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  binutils                        2.26.1-1ubuntu1~16.04.8+esm6
  binutils-multiarch              2.26.1-1ubuntu1~16.04.8+esm6

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  binutils                        2.24-5ubuntu14.2+esm1
  binutils-multiarch              2.24-5ubuntu14.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6101-1
  CVE-2023-1579, CVE-2023-1972, CVE-2023-25584, CVE-2023-25585,
  CVE-2023-25588

Package Information:
  https://launchpad.net/ubuntu/+source/binutils/2.40-2ubuntu4.1
  https://launchpad.net/ubuntu/+source/binutils/2.39-3ubuntu1.2
  https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.2
  https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.5
  https://launchpad.net/ubuntu/+source/binutils/2.30-21ubuntu1~18.04.9

--qjj7kkjgcaqo4kzi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGzBAABCgAdFiEEs16801xnF7wK3rCK7Ic6ztRocjwFAmRt9gkACgkQ7Ic6ztRo
cjy85gwAgkW2rsJOhAVaRi1445addkhWUv9GIglVCiWwn7n+oG6ouy+Wg/zROX7j
VXbXjWF/LLP1xBIzfWzywMEeF9VrUHjXm5H/dct5KDsfSKp3MgT4RHMczAQFA3Vf
zb7b0YBkwEZLEeCi96bAVKHSZqZLQa8OQd7Uzs44VYFZaGK3VhPoHObKmO7wgzKs
IYziMO4mnl59DapkqzFy33Ompw4W3zt/yxhgHKnKViXjctFhPPmtKQHfk5vRIh97
Y0K7pkNR7qOfU+jsVsuJ8yC8pMtSNJ6DDCkECjy9XgbNC5484Kn17baKgQ8b/WZR
GtE9deBRpPAi3PhZMVB6auVt2tiHzQlHSM1jV9cYlIm1gSPOEvyxuf9TyCQaqn6B
s0YumXYXZTGbTmlbiVcjUm9/iashj84PqjLnxXWeTajv8TYtmUu5q/08Hca5vTVx
51RHszD7qyg3g379CAQay28Z+zYgTMw8UTBp0NvKaT4WC5VhuvnSvfOJ1dpt6jqs
Q01IJc+n
=fM77
-----END PGP SIGNATURE-----

--qjj7kkjgcaqo4kzi--


--===============2117606872147292698==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--===============2117606872147292698==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung