Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6544-1
December 11, 2023
binutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in GNU binutils.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:

It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-38533)

It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-4285, CVE-2020-19726, CVE-2021-46174)

It was discovered that GNU binutils contained a reachable assertion, which
could lead to an intentional assertion failure when processing certain
crafted DWARF files. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-35205)

Update instructions:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  binutils                        2.38-4ubuntu2.4
  binutils-multiarch              2.38-4ubuntu2.4

Ubuntu 20.04 LTS:
  binutils                        2.34-6ubuntu1.7
  binutils-multiarch              2.34-6ubuntu1.7

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  binutils                        2.24-5ubuntu14.2+esm6
  binutils-multiarch              2.24-5ubuntu14.2+esm6

In general, a standard system update will make all the necessary changes.
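
To confirm the fix on a host after updating, the following added example (not part of the Ubuntu notice) compares the installed binutils and binutils-multiarch versions with the fixed versions listed above, using dpkg's own version ordering. The function names are illustrative, and the script assumes a dpkg-based system.

```shell
#!/bin/sh
# Added example (not from the Ubuntu notice): check a host against USN-6544-1.
# Usage after sourcing: check_usn_6544 [VERSION_ID]   e.g. check_usn_6544 20.04

# Fixed binutils version per Ubuntu release, copied from "Update instructions".
fixed_version() {
    case "$1" in
        22.04) echo "2.38-4ubuntu2.4" ;;
        20.04) echo "2.34-6ubuntu1.7" ;;
        14.04) echo "2.24-5ubuntu14.2+esm6" ;;
        *) return 1 ;;
    esac
}

# Print "patched" if installed version $1 is at or above fixed version $2,
# otherwise "vulnerable". Uses dpkg's ordering so suffixes like "+esm6" sort right.
classify() {
    if dpkg --compare-versions "$1" ge "$2"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Returns 0 if every installed package is patched, 1 if any is below the
# fixed version, 2 if the release is not one the notice lists.
check_usn_6544() {
    release=${1:-$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID")}
    if ! fixed=$(fixed_version "$release"); then
        echo "release '$release' is not listed in USN-6544-1"
        return 2
    fi
    status=0
    for pkg in binutils binutils-multiarch; do
        # Only count packages in the "installed" state; skip removed ones.
        installed=$(dpkg-query -W -f='${Status} ${Version}\n' "$pkg" 2>/dev/null |
            awk '$3 == "installed" { print $4; exit }')
        if [ -z "$installed" ]; then
            echo "$pkg: not installed"
            continue
        fi
        result=$(classify "$installed" "$fixed")
        echo "$pkg $installed: $result (fixed in $fixed)"
        [ "$result" = patched ] || status=1
    done
    return "$status"
}
```
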
References:
https://ubuntu.com/security/notices/USN-6544-1
CVE-2020-19726, CVE-2021-46174, CVE-2022-35205, CVE-2022-38533,
CVE-2022-4285
Package Information:
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.4
https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.7