[ubuntu/kinetic-security] binutils 2.39-3ubuntu1.2 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Wed May 24 09:15:04 UTC 2023

binutils (2.39-3ubuntu1.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow vulnerability
    - debian/patches/CVE-2023-1579.patch: Fix a potential illegal memory
      access in the BFD library when parsing a corrupt DWARF file.
    - debian/patches/CVE-2023-1972.patch: Fix an illegal memory access
      when an accessing a zer0-lengthverdef table.
    - CVE-2023-1579
    - CVE-2023-1972
  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
      vms-alpha.c parse_module
    - CVE-2023-25584
  * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
    - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
    - CVE-2023-25585
  * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
    - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
    - CVE-2023-25588

Date: 2023-05-22 12:20:09.101991+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the kinetic-changes mailing list