Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-552-1 binutils

Debian Security Advisory

DLA-552-1 binutils -- LTS security update

Date Reported:

18 Jul 2016

Affected Packages:

binutils

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131.

More information:

Some minor security issues have been identified and fixed in binutils in Debian LTS. These are:

• CVE-2016-2226

  Exploitable buffer overflow.

• CVE-2016-4487

  Invalid write due to a use-after-free to array btypevec.

• CVE-2016-4488

  Invalid write due to a use-after-free to array ktypevec.

• CVE-2016-4489

  Invalid write due to integer overflow.

• CVE-2016-4490

  Write access violation.

• CVE-2016-4492

  Write access violations.

• CVE-2016-4493

  Read access violations.

• CVE-2016-6131

  Stack buffer overflow when printing bad bytes in Intel Hex objects

For Debian 7 Wheezy, these problems have been fixed in version 2.22-8+deb7u3.

We recommend that you upgrade your binutils packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS