[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:153
http://www.mandriva.com/security/
_______________________________________________________________________
Package : binutils
Date : August 28, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
A stack-based buffer overflow in messages.c in the GNU as (gas)
assembler in Free Software Foundation GNU Binutils before 20050721
allows attackers to execute arbitrary code via a .c file with crafted
inline assembly code (CVE-2005-4807).
Buffer overflow in getsym in tekhex.c in libbfd in Free Software
Foundation GNU Binutils before 20060423, as used by GNU strings, allows
context-dependent attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a file with a crafted
Tektronix Hex Format (TekHex?) record in which the length character is
not a valid hexadecimal character (CVE-2006-2362).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
a514aef8f0aae8017c36c6373c546f1f
2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
608c036f1cf3604f70254d834a1be68c
2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
3b215ae344eecd901ac81bc72d313dbb
2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
cd7e83cac0c468d104c10b402bb21a53
2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
e52fa90704f954868c4619119e8e833d
x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
1117083b22061902fe40d87c1d7b9c22
x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
6ff27559c550109d9843e034181a0fa4
x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
cd7e83cac0c468d104c10b402bb21a53
x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm
Corporate 3.0:
84f8aea5d202ba206ca31871047d8a5f
corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
d72ede02c6410aad9ec98bfc931f2b2b
corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
647d07675b4eabfa2cfe8933342cf46d
corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
a0f5c767dcb258960cb0b9004e6f73d3
corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
54d559b890d485b7979446499b8dad5a
x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
35f8cf549a5a8222e933b150775efdee
x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
0df49c77c9bf02a1b3686387580ad7e3
x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
a0f5c767dcb258960cb0b9004e6f73d3
x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----