Lucene search

K
debianDebianDEBIAN:DLA-552-1:1F392
HistoryJul 18, 2016 - 8:45 a.m.

[SECURITY] [DLA 552-1] binutils security update

2016-07-1808:45:05
lists.debian.org
13

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.026

Percentile

90.3%

Package : binutils
Version : 2.22-8+deb7u3
CVE ID : CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489
CVE-2016-4490 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

Some minor security issues have been identified and fixed in binutils in
Debian LTS. These are:

CVE-2016-2226

Exploitable buffer overflow.

CVE-2016-4487

Invalid write due to a use-after-free to array btypevec.

CVE-2016-4488

Invalid write due to a use-after-free to array ktypevec.

CVE-2016-4489

Invalid write due to integer overflow.

CVE-2016-4490

Write access violation.

CVE-2016-4492

Write access violations.

CVE-2016-4493

Read access violations.

CVE-2016-6131

Stack buffer overflow when printing bad bytes in Intel Hex objects

For Debian 7 "Wheezy", these problems have been fixed in version
2.22-8+deb7u3.

We recommend that you upgrade your binutils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Brian May <[email protected]>

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.026

Percentile

90.3%