USN-5124-1: GNU binutils vulnerabilities

Releases

• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• binutils - GNU assembler, linker and binary utilities

Details

It was discovered that GNU binutils incorrectly handled certain hash
lookups. An attacker could use this issue to cause GNU binutils to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-16592)

It was discovered that GNU binutils incorrectly handled certain corrupt
DWARF debug sections. An attacker could possibly use this issue to cause
GNU binutils to consume memory, resulting in a denial of service.
(CVE-2021-3487)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• binutils-multiarch - 2.34-6ubuntu1.3
• binutils - 2.34-6ubuntu1.3

Ubuntu 18.04

• binutils-multiarch - 2.30-21ubuntu1~18.04.7
• binutils - 2.30-21ubuntu1~18.04.7

In general, a standard system update will make all the necessary changes.

References

• CVE-2021-3487
• CVE-2020-16592

Related notices

• USN-5341-1: binutils-arm-linux-gnueabihf, binutils-hppa-linux-gnu, binutils-sparc64-linux-gnu, binutils-mips64el-linux-gnuabi64, binutils-doc, binutils-s390x-linux-gnu, binutils-alpha-linux-gnu, binutils-powerpc64le-linux-gnu, binutils-m68k-linux-gnu, binutils-powerpc64-linux-gnu, binutils, binutils-hppa64-linux-gnu, binutils-multiarch-dev, binutils-powerpc-linux-gnuspe, binutils-multiarch, binutils-mips-linux-gnu, binutils-mips64-linux-gnuabi64, binutils-mipsel-linux-gnu, binutils-aarch64-linux-gnu, binutils-sh4-linux-gnu, binutils-source, binutils-arm-linux-gnueabi, binutils-powerpc-linux-gnu, binutils-dev