Format: 1.8
Date: Mon, 09 Feb 2015 02:11:51 -0800
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-gold binutils-static binutils-static-udeb binutils-hppa64 binutils-spu binutils-doc binutils-source
Architecture: amd64 amd64_translations
Version: 2.22-6ubuntu1.2
Distribution: precise
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Steve Beattie
Description:
 binutils - GNU assembler, linker and binary utilities
 binutils-dev - GNU binary utilities (BFD development files)
 binutils-doc - Documentation for the GNU assembler, linker and binary utilities
 binutils-gold - GNU gold linker utility
 binutils-hppa64 - GNU assembler, linker and binary utilities targeted for hppa64-li
 binutils-multiarch - Binary utilities that support multi-arch targets
 binutils-source - GNU assembler, linker and binary utilities (source)
 binutils-spu - GNU assembler, linker and binary utilities targeted for spu-elf
 binutils-static - statically linked binutils tools
 binutils-static-udeb - statically linked binutils tools for the Debian installer
Changes:
 binutils (2.22-6ubuntu1.2) precise-security; urgency=medium
 .
   * SECURITY UPDATE: integer overflow in objalloc_alloc
     - debian/patches/binutils-CVE-2012-3509.patch: Add overflow check
       covering alignment and CHUNK_HEADER_SIZE addition.
     - CVE-2012-3509
   * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c
     - debian/patches/binutils-CVE-2014-8484.patch: report an error for
       S-records with less than the minimum size
     - CVE-2014-8484
   * SECURITY UPDATE: incorrect memory handling around corrupt group
     section headers
     - debian/patches/binutils-CVE-2014-8485.patch: Improve handling of
       corrupt group sections
     - CVE-2014-8485
   * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
     - debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
       binaries with an invalid value for NumberOfRvaAndSizes.
     - CVE-2014-8501
   * SECURITY UPDATE: pe_print_edata buffer overflow
     - debian/patches/binutils-CVE-2014-8502.patch: Detect out of range
       and truncated rvas or entry counts
     - CVE-2014-8502
   * SECURITY UPDATE: ihex_scan buffer overflow
     - debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
       invocation of ihex_bad_byte.
     - CVE-2014-8503
   * SECURITY UPDATE: srec_scan buffer overflow
     - debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
     - CVE-2014-8504
   * SECURITY UPDATE: directory traversal vulnerabilities
     - debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
       include ../
     - CVE-2014-8737
   * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
     - debian/patches/binutils-CVE-2014-8738.patch: Handle archives with
       corrupt extended name tables.
     - CVE-2014-8738
   * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
     reads and writes
     - debian/patches/binutils-bz17512_prereqs.patch: cherrypicked
       prerequisite commits needed to apply following patch
     - debian/patches/binutils-bz17512-misc.patch: fix invalid memory
       accesses.
   * Security hardening: don't use libbfd by default in strings(1)
     - debian/patches/binutils-harden_strings.patch: Add new command line
       option --data to only scan the initialized, loadable data sections
       of binaries, using libbfd; make --all the default.
Original-Maintainer: Matthias Klose