Ubuntu Security Notice 3368-1 - It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
50d0035ae5405187e36f6b8023b1bda1409d21528024b3a2b48a5d0e95f6b50c
==========================================================================
Ubuntu Security Notice USN-3368-1
July 26, 2017
libiberty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libiberty.
Software Description:
- libiberty: library of utility functions used by GNU programs
Details:
It was discovered that libiberty incorrectly handled certain string
operations. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2226)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131)
It was discovered that libiberty incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
libiberty to crash, resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libiberty-dev 20161220-1ubuntu0.2
Ubuntu 16.04 LTS:
libiberty-dev 20160215-1ubuntu0.2
Ubuntu 14.04 LTS:
libiberty-dev 20131116-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3368-1
CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493,
CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/libiberty/20161220-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20160215-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libiberty/20131116-1ubuntu0.2