UBUNTU 16.04 ELS: binutils package released

CHANGELOG

binutils-2.26.1-1ubuntu1~16.04.10

• Fix integer overflow in the string_appends function in cplus-dem.c (CVE-2016-2226)
• Fix use-after-free vulnerability in libiberty (CVE-2016-4487)
• Fix use-after-free vulnerability in libiberty (CVE-2016-4488)
• Fix integer overflow in libiberty (CVE-2016-4489)
• Fix integer overflow in cp-demangle.c in libiberty (CVE-2016-4490)
• Fix buffer overflow in the do_type function in cplus-dem.c in libiberty (CVE-2016-4492)
• Fix out-of-bounds read in demangle_template_value_parm and do_hpacc_template_literal (CVE-2016-4493)
• Fix infinite loop, stack overflow (CVE-2016-6131)
• Fix infinite recursion and a buffer overflow (CVE-2016-4491)
• Fix heap-based buffer overflow (CVE-2017-6965)
• Fix read-after-free vulnerability (CVE-2017-6966)
• Fix heap-based buffer over-read (CVE-2017-6969)
• Fix accesses to NULL pointer (CVE-2017-7209)
• Fix multiple heap-based buffer over-reads (of size 1 and size 8) (CVE-2017-7210)
• Fix global buffer overflow (of size 1) (CVE-2017-7223)
• Fix invalid write (of size 1) while disassembling (CVE-2017-7224)
• Fix NULL pointer dereference and an invalid write (CVE-2017-7225)
• Fix heap-based buffer over-read of size 4049 (CVE-2017-7226)
• Fix heap-based buffer overflow (CVE-2017-7227)
• Fix invalid read (of size 8) in ELF reloc section (CVE-2017-7299)
• Fix heap-based buffer over-read (off-by-one) (CVE-2017-7300)
• Fix off-by-one vulnerability (CVE-2017-7301)
• Fix invalid read (of size 4) (CVE-2017-7302)
• Fix undefined behavior issue (CVE-2017-7614)
• Fix global buffer over-read error (CVE-2017-8393)
• Fix invalid read of size 4 due to NULL pointer dereferencing (CVE-2017-8394)
• Fix invalid write of size 8 (CVE-2017-8395)
• Fix invalid read of size 1 and an invalid write of size 1 (CVE-2017-8397)
• Fix invalid read of size 1 (CVE-2017-8396)
• Fix invalid read of size 1 during dumping of debug information (CVE-2017-8398)
• Fix memory leak vulnerability (CVE-2017-8421)
• Fix heap-based buffer over-read (CVE-2017-9038)
• Fix memory consumption (CVE-2017-9039)
• Fix NULL pointer dereference (CVE-2017-9040)
• Fix application crash (CVE-2017-9042)
• Fix heap-based buffer over-read (CVE-2017-9041)
• Fix invalid read and SEGV (CVE-2017-9044)
• Fix buffer overflow (CVE-2017-9742)
• Fix buffer overflow (CVE-2017-9744)
• Fix buffer overflow (CVE-2017-9752)
• Fix buffer overflow (CVE-2017-9745)
• Fix buffer overflow (CVE-2017-9746)
• Fix buffer overflow (CVE-2017-9747)
• Fix buffer overflow (CVE-2017-9748)
• Fix buffer overflow (CVE-2017-9749)
• Fix buffer overflow (CVE-2017-9750)
• Fix buffer overflow (CVE-2017-9751)
• Fix buffer overflow (CVE-2017-9753)
• Fix buffer overflow (CVE-2017-9754)
• Fix buffer overflow (CVE-2017-9755)
• Fix buffer overflow (CVE-2017-9756)
• Fix stack-based buffer over-read (CVE-2017-9954)
• Fix use after free (CVE-2017-12448)
• Fix out of bounds heap read (CVE-2017-12449)
• Fix out of bounds heap read (CVE-2017-12455)
• Fix NULL dereference (CVE-2017-12457)
• Fix out of bounds heap read (CVE-2017-12458)
• Fix out of bounds heap write (CVE-2017-12459)
• Fix out of bounds heap write (CVE-2017-12450)
• Fix out of bounds heap read (CVE-2017-12452)
• Fix out of bounds heap read (CVE-2017-12453)
• Fix arbitrary memory read (CVE-2017-12454)
• Fix out of bounds heap read (CVE-2017-12456)
• Fix integer overflow, and hang because of a time-consuming loop (CVE-2017-14333)
• Fix out of bounds stack read (CVE-2017-12451)
• Fix buffer overflow (CVE-2017-12799)
• Fix stack-based buffer over-read (CVE-2017-12967)
• Fix NULL pointer dereference (CVE-2017-13710)
• Fix read_1_byte heap-based buffer over-read (CVE-2017-14128)
• Fix parse_comp_unit heap-based buffer over-read (CVE-2017-14129)
• Fix _bfd_elf_attr_strdup heap-based buffer over-read (CVE-2017-14130)
• Fix heap-based buffer over-read (CVE-2017-14529)
• Fix memory consumption (CVE-2017-14930)
• Fix infinite loop (CVE-2017-14932)
• Fix excessive memory allocation (CVE-2017-14938)
• Fix heap-based buffer over-read (CVE-2017-14939)
• Fix NULL pointer dereference (CVE-2017-14940)
• Fix parse_die heap-based buffer over-read (CVE-2017-15020)
• Fix heap-based buffer over-read (CVE-2017-15021)
• Fix bfd_hash_hash NULL pointer dereference (CVE-2017-15022)
• Fix infinite recursion (CVE-2017-15024)
• Fix divide-by-zero error (CVE-2017-15025)
• Fix memory leak (CVE-2017-15225)
• Fix find_abstract_instance_name invalid memory read, segmentation fault (CVE-2017-15938)
• Fix NULL pointer dereference (CVE-2017-15939)
• Fix buffer overflow on fuzzed archive header (CVE-2017-15996)
• Fix invalid memory access (CVE-2017-16826)
• Fix slurp_symtab invalid free (CVE-2017-16827)
• Fix integer overflow and heap-based buffer over-read (CVE-2017-16828)
• Fix integer overflow or excessive memory allocation (CVE-2017-16831)
• Fix segmentation violation (CVE-2017-16832)
• Fix bfd_getl32 heap-based buffer over-read (CVE-2017-17080)
• Fix memory access violation (CVE-2017-17121)
• Fix NULL pointer dereference (CVE-2017-17123)
• Fix excessive memory consumption or heap-based buffer overflow (CVE-2017-17124)
• Fix unsigned integer overflow (CVE-2018-6323)
• Fix integer overflow (CVE-2018-6543)
• Fix segmentation fault (CVE-2018-6759)
• Fix segmentation fault (CVE-2018-7208)
• Fix integer overflow (CVE-2018-7568)
• Fix integer underflow or overflow (CVE-2018-7569)
• Fix aout_32_swap_std_reloc_out NULL pointer dereference (CVE-2018-7642)
• Fix integer overflow (CVE-2018-7643)
• Fix segmentation fault (CVE-2018-8945)
• Fix excessive memory allocation (CVE-2018-13033)
• Fix stack exhaustion (CVE-2018-9138)
• Fix stack exhaustion (CVE-2018-12641)
• Fix NULL pointer dereference (CVE-2018-12697)
• Fix memory consumption (CVE-2018-12698)
• Fix heap-based buffer overflow (CVE-2018-12699)
• Fix infinite recursion (CVE-2018-12700)
• Fix NULL pointer dereference (CVE-2018-17794)
• Fix recursive calls (CVE-2018-17985)
• Fix stack exhaustion (CVE-2018-18484)
• Fix stack consumption vulnerability (CVE-2018-18700)
• Fix infinite recursion (CVE-2018-18701)
• Fix heap-based buffer over-read (CVE-2018-10372)
• Fix NULL pointer dereference (CVE-2018-10373)
• Fix out-of-bounds memory write (CVE-2018-10534)
• Fix NULL pointer dereference (CVE-2018-10535)
• Fix excessive memory consumption (CVE-2018-12934)
• Fix malloc call with the result of an integer-overflowing calculation (CVE-2018-18483)
• Fix invalid memory access (CVE-2018-17358)
• Fix invalid memory access (CVE-2018-17359)
• Fix heap-based buffer over-read in bfd_getl32 (CVE-2018-17360)
• Fix invalid memory address dereference (CVE-2018-18309)
• Fix mishandles section merges (CVE-2018-18605)
• Fix NULL pointer dereference (CVE-2018-18606)
• Fix NULL pointer dereference in elf_link_input_bfd (CVE-2018-18607)
• Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in (CVE-2018-19931)
• Fix integer overflow and infinite loop (CVE-2018-19932)
• Fix memory consumption (CVE-2018-20002)
• Fix use-after-free in the error function (CVE-2018-20623)
• Fix integer overflow vulnerability (CVE-2018-20671)
• Fix integer overflow trigger heap overflow (CVE-2018-1000876)
• Fix buffer over-read (CVE-2017-17125)
• Fix excessive memory allocation (CVE-2019-9073)
• Fix out-of-bounds read (CVE-2019-9074)
• Fix heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (CVE-2019-9075)
• Fix heap-based buffer overflow in process_mips_specific (CVE-2019-9077)
• Fix heap-based buffer over-read in d_expression_1 (CVE-2019-9070)
• Fix stack consumption issue in d_count_templates_scopes (CVE-2019-9071)
• Fix heap-based buffer over-read in _bfd_doprnt (CVE-2019-12972)
• Fix integer overflow and resultant heap-based buffer overflow (CVE-2019-14250)
• Fix integer overflow (CVE-2019-14444)
• Fix infinite recursion (CVE-2019-17450)
• Fix integer overflow (CVE-2019-17451)

UPDATE COMMAND

apt-get update
apt-get --only-upgrade install binutils*