Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-184-1 binutils

Debian Security Advisory

DLA-184-1 binutils -- LTS security update

Date Reported:

28 Mar 2015

Affected Packages:

binutils

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738.

More information:

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

For Debian 6 Squeeze, these issues have been fixed in binutils version 2.20.1-16+deb6u1