binutils 2.22-6ubuntu1.2 source package in Ubuntu

Changelog

binutils (2.22-6ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in objalloc_alloc
    - debian/patches/binutils-CVE-2012-3509.patch: Add overflow check
      covering alignment and CHUNK_HEADER_SIZE addition.
    - CVE-2012-3509
  * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c
    - debian/patches/binutils-CVE-2014-8484.patch: report an error
      for S-records with less than the miniumum size
    - CVE-2014-8484
  * SECURITY UPDATE: incorrect memory handling around corrupt group
    section headers
    - debian/patches/binutils-CVE-2014-8485.patch: Improve handling
      of corrupt group sections
    - CVE-2014-8485
  * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
    - debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
      binaries with an invalid value for NumberOfRvaAndSizes.
    - CVE-2014-8501
  * SECURITY UPDATE: pe_print_edata buffer overflow
    - debian/patches/binutils-CVE-2014-8502.patch: Detect out of
      range and truncated rvas or entry counts
    - CVE-2014-8502
  * SECURITY UPDATE: ihex_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
      invocation of ihex_bad_byte.
    - CVE-2014-8503
  * SECURITY UPDATE: srec_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
    - CVE-2014-8504
  * SECURITY UPDATE: directory traversal vulnerabilities
    - debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
      include ../
    - CVE-2014-8737
  * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
    - debian/patches/binutils-CVE-2014-8738.patch: Handle archives
      with corrupt extended name tables.
    - CVE-2014-8738
  * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
    reads and writes
    - debian/patches/binutils-bz17512_prereqs.patch: cherrypicked
      prerequisite commits needed to apply following patch
    - debian/patches/binutils-bz17512-misc.patch: fix invalid memory
      accesses.
  * Security hardening: don't use libbfd by default in strings(1)
    - debian/patches/binutils-harden_strings.patch: Add new command
      line option --data to only scan the initialized, loadable data
      sections of binaries, using libbfd; make --all the default.
 -- Steve Beattie <email address hidden>   Mon, 09 Feb 2015 02:11:51 -0800

Upload details

Uploaded by:
Steve Beattie on 2015-02-09
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
binutils_2.22.orig.tar.gz 25.6 MiB 12c26349fc7bb738f84b9826c61e103203187ca2d46f08b82e61e21fcbc6e3e6
binutils_2.22-6ubuntu1.2.diff.gz 226.2 KiB 23b190ff8914ba8b1f65f815f7defbdf004ad3767f53cc2793716feef9092dd1
binutils_2.22-6ubuntu1.2.dsc 2.5 KiB 331b31d436360951f48d1ea8da79556bb01af218df952f3f32885c518e4a6af4

View changes file

Binary packages built by this source

binutils: GNU assembler, linker and binary utilities

 The programs in this package are used to assemble, link and manipulate
 binary and object files. They may be used in conjunction with a compiler
 and various libraries to build programs.

binutils-dev: GNU binary utilities (BFD development files)

 This package includes header files and static libraries necessary to build
 programs which use the GNU BFD library, which is part of binutils. Note
 that building Debian packages which depend on the shared libbfd is Not
 Allowed.

binutils-doc: Documentation for the GNU assembler, linker and binary utilities

 This package consists of the documentation for the GNU assembler,
 linker and binary utilities in info format.

binutils-gold: GNU gold linker utility

 Gold is a new linker, which is faster than the current linker included
 in binutils.
 .
 This package diverts the GNU linker (ld) with the gold linker.

binutils-multiarch: Binary utilities that support multi-arch targets

 The programs in this package are used to manipulate binary and object
 files that may have been created on other architectures. This package
 is primarily for multi-architecture developers and cross-compilers and
 is not needed by normal users or developers. Note that a cross-assembling
 version of gas is not included in this package, just the binary utilities.
 NORMAL USERS SHOULD NOT INSTALL THIS PACKAGE. It's meant only for those
 requiring support for reading info from binaries from other architectures.

binutils-source: GNU assembler, linker and binary utilities (source)

 This package contains the sources and patches which are needed to
 build binutils.

binutils-spu: GNU assembler, linker and binary utilities targeted for spu-elf

 The programs in this package are used to assemble, link and manipulate
 binary and object files. They may be used in conjunction with a compiler
 and various libraries to build programs.
 .
 This package is needed to build programs for Cell Broadband Engine SPU
 processors.

binutils-static: statically linked binutils tools

 This package contains statically linked binutils tools used
 for linking kernel modules needed to mount /usr or /. At the moment,
 it only contains ld.

binutils-static-udeb: statically linked binutils tools for for the Debian installer

 This package contains statically linked binutils tools used
 for linking kernel modules needed to mount /usr or /. At the moment,
 it only contains ld.