Updated binutils packages fix security vulnerability
Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2017-6969, CVE-2017-7210
Description
- Exploitable buffer overflow (CVE-2016-2226).
- Invalid write due to a use-after-free to array btypevec (CVE-2016-4487).
- Invalid write due to a use-after-free to array ktypevec (CVE-2016-4488).
- Invalid write due to integer overflow (CVE-2016-4489).
- Write access violation (CVE-2016-4490).
- Write access violations (CVE-2016-4492).
- Read access violations (CVE-2016-4493).
- Stack buffer overflow when printing bad bytes in Intel Hex objects (CVE-2016-6131).
- readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (CVE-2017-6969).
- objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (CVE-2017-7210).
References
- https://bugs.mageia.org/show_bug.cgi?id=22288
- https://lwn.net/Alerts/694764/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210
SRPMS
5/core
- binutils-2.24-12.1.mga5