Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [ MDKSA-2006:153 ] - Updated binutils packages fix mul

from [security] Network Security [Permanent Link]
Subject: [Full-disclosure] [ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities
Date: Mon, 28 Aug 2006 21:35:00 -0600 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:153
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : binutils
 Date    : August 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow in messages.c in the GNU as (gas)
 assembler in Free Software Foundation GNU Binutils before 20050721 
 allows attackers to execute arbitrary code via a .c file with crafted
 inline assembly code (CVE-2005-4807).
 
 Buffer overflow in getsym in tekhex.c in libbfd in Free Software
 Foundation GNU Binutils before 20060423, as used by GNU strings, allows
 context-dependent attackers to cause a denial of service (application
 crash) and possibly execute arbitrary code via a file with a crafted
 Tektronix Hex Format (TekHex?) record in which the length character is
 not a valid hexadecimal character (CVE-2006-2362).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2362
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a514aef8f0aae8017c36c6373c546f1f  
2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.i586.rpm
 608c036f1cf3604f70254d834a1be68c  
2006.0/RPMS/libbinutils2-2.16.91.0.2-3.1.20060mdk.i586.rpm
 3b215ae344eecd901ac81bc72d313dbb  
2006.0/RPMS/libbinutils2-devel-2.16.91.0.2-3.1.20060mdk.i586.rpm
 cd7e83cac0c468d104c10b402bb21a53  
2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 e52fa90704f954868c4619119e8e833d  
x86_64/2006.0/RPMS/binutils-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 1117083b22061902fe40d87c1d7b9c22  
x86_64/2006.0/RPMS/lib64binutils2-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 6ff27559c550109d9843e034181a0fa4  
x86_64/2006.0/RPMS/lib64binutils2-devel-2.16.91.0.2-3.1.20060mdk.x86_64.rpm
 cd7e83cac0c468d104c10b402bb21a53  
x86_64/2006.0/SRPMS/binutils-2.16.91.0.2-3.1.20060mdk.src.rpm

 Corporate 3.0:
 84f8aea5d202ba206ca31871047d8a5f  
corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm
 d72ede02c6410aad9ec98bfc931f2b2b  
corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm
 647d07675b4eabfa2cfe8933342cf46d  
corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm
 a0f5c767dcb258960cb0b9004e6f73d3  
corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 54d559b890d485b7979446499b8dad5a  
x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 35f8cf549a5a8222e933b150775efdee  
x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 0df49c77c9bf02a1b3686387580ad7e3  
x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm
 a0f5c767dcb258960cb0b9004e6f73d3  
x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE84vRmqjQ0CJFipgRApYkAKDZMyBRi8S7tFQhLu7BBksXEJZ99wCgigBG
KQaiJLXuFtCzHgx664/xGe8=
=ApW9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [ MDKSA-2006:153 ] - Updated binutils packages fix multiple vulnerabilities, security <=
Previous by Date:  Re: [Full-disclosure] Lesstif insecure file creation while executing setuid libXm linked binaries vuln, Vincent Danen
Next by Date:  [Full-disclosure] [ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability, security
Previous by Thread:  [Full-disclosure] [ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations, Raphael Marichez
Next by Thread:  [Full-disclosure] [ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability, security
Indexes:  [Date] [Thread] [Top] [All Lists]