[USN-5124-1] GNU binutils vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Mon Oct 25 16:41:43 UTC 2021

Ubuntu Security Notice USN-5124-1
October 25, 2021

binutils vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS


Several security issues were fixed in GNU binutils.

Software Description:
- binutils: GNU assembler, linker and binary utilities


It was discovered that GNU binutils incorrectly handled certain hash
lookups. An attacker could use this issue to cause GNU binutils to crash,
resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that GNU binutils incorrectly handled certain corrupt
DWARF debug sections. An attacker could possibly use this issue to cause
GNU binutils to consume memory, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  binutils                        2.34-6ubuntu1.3
  binutils-multiarch              2.34-6ubuntu1.3

Ubuntu 18.04 LTS:
  binutils                        2.30-21ubuntu1~18.04.7
  binutils-multiarch              2.30-21ubuntu1~18.04.7

In general, a standard system update will make all the necessary changes.

  CVE-2020-16592, CVE-2021-3487

Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20211025/43e47e75/attachment.sig>

More information about the ubuntu-security-announce mailing list