USN-336-1: binutils vulnerability

17 August 2006

binutils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description


A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
binutils - 2.16.1-2ubuntu6.2
binutils-static - 2.16.1-2ubuntu6.2
Ubuntu 5.04
binutils - 2.15-5ubuntu2.4

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes.