Ubuntu Security Notice 5341-1 - It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service.
5dd2bf59a94e2bb71ef4757fef7d8dbca421e60dbbba4fbcd60d04f7c2ebb405
==========================================================================
Ubuntu Security Notice USN-5341-1
March 22, 2022
binutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in GNU binutils.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:
It was discovered that GNU binutils incorrectly handled checks for memory
allocation when parsing relocs in a corrupt file. An attacker could possibly
use this issue to cause a denial of service. (CVE-2017-17122)
It was discovered that GNU binutils incorrectly handled certain corrupt
DWARF
debug sections. An attacker could possibly use this issue to cause GNU
binutils to consume memory, resulting in a denial of service.
(CVE-2021-3487)
It was discovered that GNU binutils incorrectly performed bounds checking
operations when parsing stabs debugging information. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2021-45078)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
binutils 2.26.1-1ubuntu1~16.04.8+esm3
binutils-multiarch 2.26.1-1ubuntu1~16.04.8+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5341-1
CVE-2017-17122, CVE-2021-3487, CVE-2021-45078