Publishing details

Published on 2023-06-01
Copied from ubuntu jammy in PPA for Ubuntu Security Proposed

Changelog

binutils (2.38-4ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow vulnerability
    - debian/patches/CVE-2023-1972.patch: Fix an illegal memory access
      when an accessing a zer0-lengthverdef table.
    - CVE-2023-1972
  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
      vms-alpha.c parse_module
    - CVE-2023-25584
  * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
    - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
      file_table
    - CVE-2023-25585
  * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
    - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
      uninitialised
    - CVE-2023-25588

 -- Nishit Majithia <email address hidden>  Mon, 22 May 2023 12:48:33 +0530

Available diffs

diff from 2.38-4ubuntu2.1 to 2.38-4ubuntu2.2 (5.3 KiB)

Builds

Package files

binutils_2.38-4ubuntu2.2.debian.tar.xz (286.2 KiB)
binutils_2.38-4ubuntu2.2.dsc (8.5 KiB)
binutils_2.38.orig.tar.xz (22.6 MiB)