Format: 1.8 Date: Mon, 09 Feb 2015 02:27:20 -0800 Source: binutils Binary: binutils binutils-dev binutils-multiarch binutils-gold binutils-static binutils-static-udeb binutils-hppa64 binutils-spu binutils-doc binutils-source Architecture: amd64 amd64_translations Version: 2.20.1-3ubuntu7.2 Distribution: lucid Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Steve Beattie Description: binutils - The GNU assembler, linker and binary utilities binutils-dev - The GNU binary utilities (BFD development files) binutils-doc - Documentation for the GNU assembler, linker and binary utilities binutils-gold - The (experimental) GNU gold linker utility binutils-hppa64 - The GNU assembler, linker and binary utilities targeted for hppa6 binutils-multiarch - Binary utilities that support multi-arch targets binutils-source - The GNU assembler, linker and binary utilities (source) binutils-spu - The GNU assembler, linker and binary utilities targeted for spu-e binutils-static - statically linked binutils tools binutils-static-udeb - statically linked binutils tools for for the Debian installer Changes: binutils (2.20.1-3ubuntu7.2) lucid-security; urgency=medium . * SECURITY UPDATE: integer overflow in objalloc_alloc - debian/patches/300-CVE-2012-3509.dpatch: Add overflow check covering alignment and CHUNK_HEADER_SIZE addition. - CVE-2012-3509 * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c - debian/patches/301-CVE-2014-8484.dpatch: report an error for S-records with less than the miniumum size - CVE-2014-8484 * SECURITY UPDATE: incorrect memory handling around corrupt group section headers - debian/patches/302-CVE-2014-8485.dpatch: Improve handling of corrupt group sections - CVE-2014-8485 * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in - debian/patches/303-CVE-2014-8501.dpatch: Handle corrupt binaries with an invalid value for NumberOfRvaAndSizes. - CVE-2014-8501 * SECURITY UPDATE: pe_print_edata buffer overflow - debian/patches/304-CVE-2014-8502.dpatch: Detect out of range and truncated rvas or entry counts - CVE-2014-8502 * SECURITY UPDATE: ihex_scan buffer overflow - debian/patches/305-CVE-2014-8503.dpatch: Fix typo in invocation of ihex_bad_byte. - CVE-2014-8503 * SECURITY UPDATE: srec_scan buffer overflow - debian/patches/306-CVE-2014-8504.dpatch: Increase size of buf - CVE-2014-8504 * SECURITY UPDATE: directory traversal vulnerabilities - debian/patches/307-CVE-2014-8737.dpatch: disallow paths that include ../ - CVE-2014-8737 * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write - debian/patches/308-CVE-2014-8738.dpatch: Handle archives with corrupt extended name tables. - CVE-2014-8738 * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds reads and writes - debian/patches/309-bz17512-misc.dpatch: fix invalid memory accesses. * Security hardening: don't use libbfd by default in strings(1) - debian/patches/310-harden_strings.dpatch: Add new command line option --data to only scan the initialized, loadable data sections of binaries, using libbfd; make --all the default. Checksums-Sha1: 5ad02d2fdd00c85edbc12f3d01fea2e5b3270a3d 1669942 binutils_2.20.1-3ubuntu7.2_amd64.deb 202448aaa3f91d89f1d212b7c4fd897c0af7e194 3607094 binutils-dev_2.20.1-3ubuntu7.2_amd64.deb 56622d36cb07d6e52b8248bb0e631b565896481c 2072724 binutils-multiarch_2.20.1-3ubuntu7.2_amd64.deb d5fae89a20ed2efda7c3710731d11f7b17f5fdfd 825140 binutils-static_2.20.1-3ubuntu7.2_amd64.deb 54d5180ca67c3fed8f70e94c5644a1f30dc26de8 787270 binutils-static-udeb_2.20.1-3ubuntu7.2_amd64.udeb a18b84a01046212fc057f397ae3980ec1f9668b0 690218 binutils-gold_2.20.1-3ubuntu7.2_amd64.deb 3dfc948cf9227a06631053e8b4a1bb1f98a77f2d 3617024 binutils_2.20.1-3ubuntu7.2_amd64_translations.tar.gz Checksums-Sha256: d8f35273fbfe3f71e79db787bb969e2726c8b79f9a95d75e4fa088f64711374e 1669942 binutils_2.20.1-3ubuntu7.2_amd64.deb 1a08f5312148881974fa55dc3d3bb38da84644bd092d1877e9df4fa870e0394c 3607094 binutils-dev_2.20.1-3ubuntu7.2_amd64.deb e6426cedbd8036f26e86db8c9ba8ca6f603768cc80c1b1369775a6faf581fceb 2072724 binutils-multiarch_2.20.1-3ubuntu7.2_amd64.deb e90c2a65a8549a999fb76781077fba8511389e5b21284219fe24a31c4e22ca47 825140 binutils-static_2.20.1-3ubuntu7.2_amd64.deb 260fce9f2fc074d9b5e628f47e67631a490e176e75f248c4440d6c5d7a01725c 787270 binutils-static-udeb_2.20.1-3ubuntu7.2_amd64.udeb 3081197eabc75ef9d7b480785c643e422c40c56e4c2a9a9555eb4c9d95404c19 690218 binutils-gold_2.20.1-3ubuntu7.2_amd64.deb e5b79692a579d274848dfc122c900fa5c79477845a045a77f574fc0fe516f32d 3617024 binutils_2.20.1-3ubuntu7.2_amd64_translations.tar.gz Files: d77483d1c36a8db99d020b4a80cbddaf 1669942 devel optional binutils_2.20.1-3ubuntu7.2_amd64.deb d782fafff7643f4346459b5991c33578 3607094 devel extra binutils-dev_2.20.1-3ubuntu7.2_amd64.deb 3d1b5f3c4b7a4e628167e2bf6d9b1deb 2072724 devel extra binutils-multiarch_2.20.1-3ubuntu7.2_amd64.deb c02347b193c02fa535942640524c1d12 825140 devel optional binutils-static_2.20.1-3ubuntu7.2_amd64.deb f29f34ca45c9f203b9cf2eff41dde8cf 787270 debian-installer optional binutils-static-udeb_2.20.1-3ubuntu7.2_amd64.udeb f3347c3957510237398c415ef2f6856d 690218 devel extra binutils-gold_2.20.1-3ubuntu7.2_amd64.deb ceacbb7b2fba86daff81987673cb8fd9 3617024 raw-translations - binutils_2.20.1-3ubuntu7.2_amd64_translations.tar.gz Original-Maintainer: Matthias Klose