Univention Bugzilla – Bug 36982
binutils: Multiple issues (ES 3.2)
Last modified: 2019-04-11 19:23:24 CEST
Multiple security issues have been found in binutils and the included bfd library, which is e.g. used by strings(1), nm, objdump or gdb:

* Invalid read in libbfd (CVE-2014-8484)
* Buffer overflow in libbfd (CVE-2014-8485)
* Out of bounds write when parsing PE executables (CVE-2014-8501)
* Heap overflow in objdump (CVE-2014-8502)
* Buffer overflow in objdump when parsing ihex files (CVE-2014-8503)
* Buffer overflow in parsing S-Records (CVE-2014-8504)
* Directory traversal in ar and objcopy (CVE-2014-8737)
* Out of bounds write in ar (CVE-2014-8738)
Fixed in 2.20.1-16+deb6u1
2.20.1-16+deb6u2 also fixes:

* Fix integer overflow in objalloc_alloc (CVE-2012-3509)

Additionally, check the wheezy patches (e.g. Bug 41814) for backport.

Note: squeeze-lts packages have been archived:

    printf "deb-src\thttp://archive.debian.org/debian\tsqueeze-lts\tmain\n" \
        >> /etc/apt/sources.list
    apt-get -qq update
    apt-get source binutils
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version; otherwise, this issue will be automatically closed in the next weeks.