Ubuntu Security Notice USN-5762-1
Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
=========================================================================
Ubuntu Security Notice USN-5762-1
December 05, 2022
binutils vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
GNU binutils could be made to crash or execute arbitrary code if it received
a specially crafted COFF file.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:
It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
  binutils 2.39-3ubuntu1.1
  binutils-multiarch 2.39-3ubuntu1.1
Ubuntu 22.04 LTS:
  binutils 2.38-4ubuntu2.1
  binutils-multiarch 2.38-4ubuntu2.1
Ubuntu 20.04 LTS:
  binutils 2.34-6ubuntu1.4
  binutils-multiarch 2.34-6ubuntu1.4
Ubuntu 18.04 LTS:
  binutils 2.30-21ubuntu1~18.04.8
  binutils-multiarch 2.30-21ubuntu1~18.04.8
Ubuntu 16.04 ESM:
  binutils 2.26.1-1ubuntu1~16.04.8+esm5
  binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm5
In general, a standard system update will make all the necessary changes.
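To check an inventory of hosts against the fixed versions listed above, the following added example (not part of the notice and not Ubuntu tooling) compares an installed binutils version with the fix for its release, using a compact reimplementation of Debian version ordering so that the `~18.04.8` and `+esm5` suffixes sort correctly. The function names and the sample inventory are assumptions made for illustration; on a live host `dpkg --compare-versions` remains the authoritative comparison.

```python
import re
from itertools import zip_longest

# Fixed binutils versions copied from the notice, keyed by Ubuntu release.
FIXED = {
    "22.10": "2.39-3ubuntu1.1",
    "22.04": "2.38-4ubuntu2.1",
    "20.04": "2.34-6ubuntu1.4",
    "18.04": "2.30-21ubuntu1~18.04.8",
    "16.04": "2.26.1-1ubuntu1~16.04.8+esm5",
}

def _order(c):
    # Debian character weights: '~' sorts before end-of-string,
    # letters sort before other punctuation.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) runs, as dpkg does.
    ta = re.findall(r"([^0-9]*)([0-9]*)", a)
    tb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, na), (sb, nb) in zip_longest(ta, tb, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def deb_cmp(a, b):
    """Return <0, 0 or >0 as version a is older, equal or newer than b."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed binutils version is at or above the fix."""
    return deb_cmp(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed sample inventory: (release, installed binutils version).
    for rel, ver in [("22.04", "2.38-4ubuntu2"), ("20.04", "2.34-6ubuntu1.4")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "VULNERABLE")
```

The same check applies to binutils-multiarch, which the notice lists at identical versions.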
References:
https://ubuntu.com/security/notices/USN-5762-1
CVE-2022-38533
Package Information:
https://launchpad.net/ubuntu/+source/binutils/2.39-3ubuntu1.1
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.1
https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.4
https://launchpad.net/ubuntu/+source/binutils/2.30-21ubuntu1~18.04.8
Related news
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.