[ubuntu/jammy-updates] binutils 2.38-4ubuntu2.5 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon Jan 15 13:28:46 UTC 2024


binutils (2.38-4ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
      and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
      pool, rather than indirectly from index entries (process_cu_tu_index).
    - CVE-2022-44840 
  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
      element counts, not word counts (display_gdb_index).
    - debian/patches/CVE-2022-45703-1.patch: typo fix.
    - CVE-2022-45703
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47007.patch: free dt on failure path
      (stab_demangle_v3_arg).
    - CVE-2022-47007
  * SECURITY UPDATE: memory leak in bucomm.c
    - debian/patches/CVE-2022-47008.patch: free template on all failure paths
      (make_tempdir, make_tempname).
    - CVE-2022-47008
  * SECURITY UPDATE: memory leak in prdbg.c
    - debian/patches/CVE-2022-47010.patch: free "s" on failure path
      (pr_function_type).
    - CVE-2022-47010
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
      (parse_stab_struct_fields).
    - CVE-2022-47011

Date: 2024-01-05 11:15:47.225467+00:00
Changed-By: Nick Galanis <nick.galanis at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list