Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5762-1

Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Packet Storm
#vulnerability#ubuntu

=========================================================================
Ubuntu Security Notice USN-5762-1
December 05, 2022

binutils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM

Summary:

GNU binutils could be made to crash or execute arbitrary code if it received
a specially crafted COFF file.

Software Description:

  • binutils: GNU assembler, linker and binary utilities

Details:

It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
binutils 2.39-3ubuntu1.1
binutils-multiarch 2.39-3ubuntu1.1

Ubuntu 22.04 LTS:
binutils 2.38-4ubuntu2.1
binutils-multiarch 2.38-4ubuntu2.1

Ubuntu 20.04 LTS:
binutils 2.34-6ubuntu1.4
binutils-multiarch 2.34-6ubuntu1.4

Ubuntu 18.04 LTS:
binutils 2.30-21ubuntu1~18.04.8
binutils-multiarch 2.30-21ubuntu1~18.04.8

Ubuntu 16.04 ESM:
binutils 2.26.1-1ubuntu1~16.04.8+esm5
binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5762-1
CVE-2022-38533

Package Information:
https://launchpad.net/ubuntu/+source/binutils/2.39-3ubuntu1.1
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.1
https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.4
https://launchpad.net/ubuntu/+source/binutils/2.30-21ubuntu1~18.04.8

Related news

Ubuntu Security Notice USN-6544-1

Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Gentoo Linux Security Advisory 202309-15

Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVE-2022-38533: Invalid Bug ID

In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution