[USN-336-1] binutils vulnerability

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-336-1] binutils vulnerability
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Thu, 17 Aug 2006 08:21:33 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.12-2006-07-14

=========================================================== 
Ubuntu Security Notice USN-336-1            August 16, 2006
binutils vulnerability
http://bugs.gentoo.org/show_bug.cgi?id=99464
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  binutils                                 2.15-5ubuntu2.4

Ubuntu 5.10:
  binutils                                 2.16.1-2ubuntu6.2
  binutils-static                          2.16.1-2ubuntu6.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in gas (the GNU assembler). By
tricking an user or automated system (like a compile farm) into
assembling a specially crafted source file with gcc or gas, this could
be exploited to execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4.diff.gz
      Size/MD5:    43030 165be56a4c94f4cf3edcd20bb26c6e40
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4.dsc
      Size/MD5:      781 3a23d48803cc6ccc254de4bed6d1f6bc
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
      Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.4_all.deb
      Size/MD5:   434332 dfaae7efb7f1d2e8e776184fd17767d4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_amd64.deb
      Size/MD5:  2839652 b6b0ebc4d921c4e22fdceb703e378c55
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_amd64.deb
      Size/MD5:  8021684 bc9f89cb0a83954894b7592d60c5723b
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_amd64.deb
      Size/MD5:  1369002 6cea7a328eeed4997974a7a1584fb9c5

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_i386.deb
      Size/MD5:  2795812 8bd98d94b019bcf9f5179a9242501bd2
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_i386.deb
      Size/MD5:  7868346 04fbf5ef9336da5926fccd01ac5d6ddf
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_i386.deb
      Size/MD5:  1323958 9cc06f28d94d285a33586e7086c453fd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.4_powerpc.deb
      Size/MD5:  3470788 9175f3010fa9d80a3069eef533339b34
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.4_powerpc.deb
      Size/MD5:  9385400 e8827cf1704ad45eb9d93deca0f1410f
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.4_powerpc.deb
      Size/MD5:  1465166 ead0bbfd83183858da7265d60638ce41

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2.diff.gz
      Size/MD5:    41243 beae257ca1a0e4abf77fa4ecddd4ff9c
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2.dsc
      Size/MD5:      892 27a4ef64c54100424424313c8873bb6d
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.orig.tar.gz
      Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.16.1-2ubuntu6.2_all.deb
      Size/MD5:   459840 62bad45ce720098cd5d7bfcd7bdc73f7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_amd64.deb
      Size/MD5:  2359240 c9219796dd147dcab7b8c53bc71555c6
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_amd64.deb
      Size/MD5:  7202160 5d5ff31efc9c788ee212cf16927fd25d
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_amd64.udeb
      Size/MD5:   605798 859dc5148f5e9a03287d00f363f1b49d
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_amd64.deb
      Size/MD5:   631940 13baf60e6742003f98f37a5634185642
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_amd64.deb
      Size/MD5:  1553658 7189b2459d4b502d48aa9672b7ec6549

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_i386.deb
      Size/MD5:  2219950 33019299b1e8dd12b5d895dfa87bc21d
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_i386.deb
      Size/MD5:  6748650 0c8b3ef38b1eb856e1b7709ecc614100
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_i386.udeb
      Size/MD5:   500860 74f557eb5334985806b1538cc548678e
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_i386.deb
      Size/MD5:   526702 fb3cc66b05cc187012d76209b766e38b
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_i386.deb
      Size/MD5:  1469958 43c4a9cd2676939986d2942df6802ddf

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_powerpc.deb
      Size/MD5:  2836566 a62abafae842b82365461d169ec22560
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_powerpc.deb
      Size/MD5:  8204644 2f61a9c28bbe75568f4fe1ee9d69e80a
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_powerpc.udeb
      Size/MD5:   619148 6d397e7d80d9799afbf08f786d376dc0
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_powerpc.deb
      Size/MD5:   645148 3431c1f8856d98e8a4e6042ce965b383
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_powerpc.deb
      Size/MD5:  1653244 b5f05a08244f787007e998983bd98404

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ubuntu6.2_sparc.deb
      Size/MD5:  2198848 49b9d9a733e42c55e52d3716a45f74f4
    
http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.16.1-2ubuntu6.2_sparc.deb
      Size/MD5:  7109082 88695d693f09a7f02d23373092361ffe
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.16.1-2ubuntu6.2_sparc.udeb
      Size/MD5:   622590 ad7cdd890181b06b6cb7d055dcdfa988
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-2ubuntu6.2_sparc.deb
      Size/MD5:   648420 7ef50ebce215526620acaf8273eede10
    
http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu6.2_sparc.deb
      Size/MD5:  1493928 9be9b0e14816abd1704b1dfbe0f804ca

Attachment: signature.asc
Description: Digital signature

Prev by Date: Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA
Next by Date: Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows
Previous by thread: [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability
Next by thread: [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability
Index(es):
- Date
- Thread