-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:153 http://www.mandriva.com/security/ _______________________________________________________________________ Package : binutils Date : August 28, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code (CVE-2005-4807). Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex?) record in which the length character is not a valid hexadecimal character (CVE-2006-2362). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: a514aef8f0aae8017c36c6373c546f1f 2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm 608c036f1cf3604f70254d834a1be68c 2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm 3b215ae344eecd901ac81bc72d313dbb 2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm cd7e83cac0c468d104c10b402bb21a53 2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: e52fa90704f954868c4619119e8e833d x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm 1117083b22061902fe40d87c1d7b9c22 x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm 6ff27559c550109d9843e034181a0fa4 x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm cd7e83cac0c468d104c10b402bb21a53 x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm Corporate 3.0: 84f8aea5d202ba206ca31871047d8a5f corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm d72ede02c6410aad9ec98bfc931f2b2b corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm 647d07675b4eabfa2cfe8933342cf46d corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm a0f5c767dcb258960cb0b9004e6f73d3 corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm Corporate 3.0/X86_64: 54d559b890d485b7979446499b8dad5a x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm 35f8cf549a5a8222e933b150775efdee x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm 0df49c77c9bf02a1b3686387580ad7e3 x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm a0f5c767dcb258960cb0b9004e6f73d3 x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG KQaiJLXuFtCzHgx664/xGe8= =ApW9 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/