Debian Security Advisory

DLA-324-1 binutils -- LTS security update

Date Reported:
02 Oct 2015
Affected Packages:
binutils
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 688951.
In Mitre's CVE dictionary: CVE-2012-3509.
More information:

This update fixes several issues as described below.

  • PR ld/12613 (no CVE assigned)

    Niranjan Hasabnis discovered that passing an malformed linker script to GNU ld, part of binutils, may result in a stack buffer overflow. If the linker is used with untrusted object files, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation.

  • CVE-2012-3509, #688951

    Sang Kil Cha discovered that a buffer size calculation in libiberty, part of binutils, may result in integer overflow and then a heap buffer overflow. If libiberty or the commands in binutils are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation.

  • >PR binutils/18750 (no CVE assigned)

    Joshua Rogers reported that passing a malformed ihex (Intel hexadecimal) file to to various commands in binutils may result in a stack buffer overflow. A similar issue was found in readelf. If these commands are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.20.1-16+deb6u2.

For the oldstable distribution (wheezy) and the stable distribution (jessie), PR ld/12613 and CVE-2012-3509 were fixed before release, and PR binutils/18750 will be fixed in a later update.