USN-5124-1: GNU binutils vulnerabilities
25 October 2021
Several security issues were fixed in GNU binutils.
Releases
Packages
- binutils - GNU assembler, linker and binary utilities
Details
It was discovered that GNU binutils incorrectly handled certain hash
lookups. An attacker could use this issue to cause GNU binutils to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-16592)
It was discovered that GNU binutils incorrectly handled certain corrupt
DWARF debug sections. An attacker could possibly use this issue to cause
GNU binutils to consume memory, resulting in a denial of service.
(CVE-2021-3487)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5341-1: binutils-hppa64-linux-gnu, binutils-mips64el-linux-gnuabi64, binutils-doc, binutils-dev, binutils-arm-linux-gnueabihf, binutils, binutils-mips64-linux-gnuabi64, binutils-aarch64-linux-gnu, binutils-arm-linux-gnueabi, binutils-source, binutils-m68k-linux-gnu, binutils-sparc64-linux-gnu, binutils-powerpc-linux-gnu, binutils-sh4-linux-gnu, binutils-powerpc-linux-gnuspe, binutils-alpha-linux-gnu, binutils-hppa-linux-gnu, binutils-multiarch, binutils-powerpc64le-linux-gnu, binutils-mipsel-linux-gnu, binutils-powerpc64-linux-gnu, binutils-s390x-linux-gnu, binutils-multiarch-dev, binutils-mips-linux-gnu