Please enable Javascript in your browser to view this page properly!

    Es sind keine aktuell gesichteten CVEs verfügbar
    Sie können hier für Sie wichtige CVEs anheften, um sie später schneller wiederfinden zu können.

Tuesday, 10.02.2015

Ubuntu Security Notice USN-2496-1

 
Ubuntu Linux Logo

Fixed vulnerabilities:


  • CVE-2014-8485 (VulnLIB link)
Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
    • 

  • CVE-2014-8501 (VulnLIB link)
Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
    • 

  • CVE-2014-8502 (VulnLIB link)
Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
    • 

  • CVE-2014-8737 (VulnLIB link)
Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files.
    • 

  • CVE-2014-8738 (VulnLIB link)
Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
    • 

  • CVE-2014-8503 (VulnLIB link)
Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash).
    • 

  • CVE-2014-8504 (VulnLIB link)
Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code.
    • 

  • CVE-2014-8484 (VulnLIB link)
Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.
    • 

  • CVE-2012-3509 (VulnLIB link)
Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.
    • 



Affected releases:


  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS


Software description:


  • binutils - GNU assembler, linker and binary utilities


Solution:


  • Check VulnLIB for fixes for CVEs listed above.


Source:
Geposted von Ali Elci


Ali Elci is an IT security specialist with more than 16 years of experience consulting for government and industry, an advocate for transparency and standardization in security reporting, and the founder of Ciproc GmbH.

VulnLIB Enterprise Auditor ist ein leistungsfähiges, innovatives Tool, welches eine umfassende, tagesaktuelle Kontrolle über fehlende Sicherheitsupdates einer kompletten IT-Infrastruktur bereitstellen kann; gleichzeitig liefert es spezifische Empfehlungen für Patches und Upgrades der Softwarehersteller.

mehr

© 2014 Ciproc GmbH

Danke sehr!