Related information

GNU assembler buffer overflow

From:	UBUNTU
Date:	18.08.2006
Subject:	[USN-336-1] binutils vulnerability

===========================================================
Ubuntu Security Notice USN-336-1            August 16, 2006
binutils vulnerability
http://bugs.gentoo.org/show_bug.cgi?id=99464
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
 binutils                                 2.15-5ubuntu2.4

Ubuntu 5.10:
 binutils                                 2.16.1-2ubuntu6.2
 binutils-static                          2.16.1-2ubuntu6.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in gas (the GNU assembler). By
tricking an user or automated system (like a compile farm) into
assembling a specially crafted source file with gcc or gas, this could
be exploited to execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.
4.diff.gz
     Size/MD5:    43030 165be56a4c94f4cf3edcd20bb26c6e40
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.
4.dsc
     Size/MD5:      781 3a23d48803cc6ccc254de4bed6d1f6bc
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.
gz
     Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubun
tu2.4_all.deb
     Size/MD5:   434332 dfaae7efb7f1d2e8e776184fd17767d4

 amd64 architecture (Athlon64, Opteron, EM64T Xeon)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubun
tu2.4_amd64.deb
     Size/MD5:  2839652 b6b0ebc4d921c4e22fdceb703e378c55
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.15-5ubuntu2.4_amd64.deb
     Size/MD5:  8021684 bc9f89cb0a83954894b7592d60c5723b
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.
4_amd64.deb
     Size/MD5:  1369002 6cea7a328eeed4997974a7a1584fb9c5

 i386 architecture (x86 compatible Intel/AMD)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubun
tu2.4_i386.deb
     Size/MD5:  2795812 8bd98d94b019bcf9f5179a9242501bd2
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.15-5ubuntu2.4_i386.deb
     Size/MD5:  7868346 04fbf5ef9336da5926fccd01ac5d6ddf
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.
4_i386.deb
     Size/MD5:  1323958 9cc06f28d94d285a33586e7086c453fd

 powerpc architecture (Apple Macintosh G3/G4/G5)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubun
tu2.4_powerpc.deb
     Size/MD5:  3470788 9175f3010fa9d80a3069eef533339b34
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.15-5ubuntu2.4_powerpc.deb
     Size/MD5:  9385400 e8827cf1704ad45eb9d93deca0f1410f
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.
4_powerpc.deb
     Size/MD5:  1465166 ead0bbfd83183858da7265d60638ce41

Updated packages for Ubuntu 5.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2.diff.gz
     Size/MD5:    41243 beae257ca1a0e4abf77fa4ecddd4ff9c
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2.dsc
     Size/MD5:      892 27a4ef64c54100424424313c8873bb6d
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1.orig.ta
r.gz
     Size/MD5: 16378360 818bd33cc45bfe3d5b4b2ddf288ecdea

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.16.1-2ub
untu6.2_all.deb
     Size/MD5:   459840 62bad45ce720098cd5d7bfcd7bdc73f7

 amd64 architecture (Athlon64, Opteron, EM64T Xeon)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ub
untu6.2_amd64.deb
     Size/MD5:  2359240 c9219796dd147dcab7b8c53bc71555c6
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.16.1-2ubuntu6.2_amd64.deb
     Size/MD5:  7202160 5d5ff31efc9c788ee212cf16927fd25d
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.
16.1-2ubuntu6.2_amd64.udeb
     Size/MD5:   605798 859dc5148f5e9a03287d00f363f1b49d
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-
2ubuntu6.2_amd64.deb
     Size/MD5:   631940 13baf60e6742003f98f37a5634185642
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2_amd64.deb
     Size/MD5:  1553658 7189b2459d4b502d48aa9672b7ec6549

 i386 architecture (x86 compatible Intel/AMD)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ub
untu6.2_i386.deb
     Size/MD5:  2219950 33019299b1e8dd12b5d895dfa87bc21d
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.16.1-2ubuntu6.2_i386.deb
     Size/MD5:  6748650 0c8b3ef38b1eb856e1b7709ecc614100
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.
16.1-2ubuntu6.2_i386.udeb
     Size/MD5:   500860 74f557eb5334985806b1538cc548678e
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-
2ubuntu6.2_i386.deb
     Size/MD5:   526702 fb3cc66b05cc187012d76209b766e38b
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2_i386.deb
     Size/MD5:  1469958 43c4a9cd2676939986d2942df6802ddf

 powerpc architecture (Apple Macintosh G3/G4/G5)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ub
untu6.2_powerpc.deb
     Size/MD5:  2836566 a62abafae842b82365461d169ec22560
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.16.1-2ubuntu6.2_powerpc.deb
     Size/MD5:  8204644 2f61a9c28bbe75568f4fe1ee9d69e80a
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.
16.1-2ubuntu6.2_powerpc.udeb
     Size/MD5:   619148 6d397e7d80d9799afbf08f786d376dc0
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-
2ubuntu6.2_powerpc.deb
     Size/MD5:   645148 3431c1f8856d98e8a4e6042ce965b383
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2_powerpc.deb
     Size/MD5:  1653244 b5f05a08244f787007e998983bd98404

 sparc architecture (Sun SPARC/UltraSPARC)

   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.16.1-2ub
untu6.2_sparc.deb
     Size/MD5:  2198848 49b9d9a733e42c55e52d3716a45f74f4
   http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_
2.16.1-2ubuntu6.2_sparc.deb
     Size/MD5:  7109082 88695d693f09a7f02d23373092361ffe
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static-udeb_2.
16.1-2ubuntu6.2_sparc.udeb
     Size/MD5:   622590 ad7cdd890181b06b6cb7d055dcdfa988
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static_2.16.1-
2ubuntu6.2_sparc.deb
     Size/MD5:   648420 7ef50ebce215526620acaf8273eede10
   http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1-2ubuntu
6.2_sparc.deb
     Size/MD5:  1493928 9be9b0e14816abd1704b1dfbe0f804ca