binutils - security update

This update fixes several issues as described below.

• PR ld/12613 (no CVE assigned)

Niranjan Hasabnis discovered that passing an malformed linker
script to GNU ld, part of binutils, may result in a stack buffer
overflow. If the linker is used with untrusted object files, this
would allow remote attackers to cause a denial of service (crash)
or possibly privilege escalation.

• CVE-2012-3509, #688951

Sang Kil Cha discovered that a buffer size calculation in
libiberty, part of binutils, may result in integer overflow and
then a heap buffer overflow. If libiberty or the commands in
binutils are used to read untrusted binaries, this would allow
remote attackers to cause a denial of service (crash) or possibly
privilege escalation.

• PR binutils/18750 (no CVE assigned)

Joshua Rogers reported that passing a malformed ihex (Intel
hexadecimal) file to to various commands in binutils may result in
a stack buffer overflow. A similar issue was found in readelf.
If these commands are used to read untrusted binaries, this would
allow remote attackers to cause a denial of service (crash) or
possibly privilege escalation.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.20.1-16+deb6u2.

For the oldstable distribution (wheezy) and the stable distribution
(jessie), PR ld/12613 and CVE-2012-3509 were fixed before release, and
PR binutils/18750 will be fixed in a later update.