[ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities
From: security@xxxxxxxxxxxx
Date: Mon, 28 Aug 2006 21:35:00 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:153
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : binutils
 Date    : August 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow in messages.c in the GNU as (gas)
 assembler in Free Software Foundation GNU Binutils before 20050721 
 allows attackers to execute arbitrary code via a .c file with crafted
 inline assembly code (CVE-2005-4807).
 
 Buffer overflow in getsym in tekhex.c in libbfd in Free Software
 Foundation GNU Binutils before 20060423, as used by GNU strings, allows
 context-dependent attackers to cause a denial of service (application
 crash) and possibly execute arbitrary code via a file with a crafted
 Tektronix Hex Format (TekHex?) record in which the length character is
 not a valid hexadecimal character (CVE-2006-2362).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a514aef8f0aae8017c36c6373c546f1f  
2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
 608c036f1cf3604f70254d834a1be68c  
2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
 3b215ae344eecd901ac81bc72d313dbb  
2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
 cd7e83cac0c468d104c10b402bb21a53  
2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 e52fa90704f954868c4619119e8e833d  
x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 1117083b22061902fe40d87c1d7b9c22  
x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 6ff27559c550109d9843e034181a0fa4  
x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 cd7e83cac0c468d104c10b402bb21a53  
x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Corporate 3.0:
 84f8aea5d202ba206ca31871047d8a5f  
corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
 d72ede02c6410aad9ec98bfc931f2b2b  
corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
 647d07675b4eabfa2cfe8933342cf46d  
corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
 a0f5c767dcb258960cb0b9004e6f73d3  
corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 54d559b890d485b7979446499b8dad5a  
x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 35f8cf549a5a8222e933b150775efdee  
x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 0df49c77c9bf02a1b3686387580ad7e3  
x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 a0f5c767dcb258960cb0b9004e6f73d3  
x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----

Prev by Date: [ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities
Next by Date: [ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability
Previous by thread: [ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities
Next by thread: [ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability
Index(es):
- Date
- Thread