-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmkDOLEFAwAAAAAACgkQa1+PL+d1/EhS
qQv+K6GaHSYATSELpOpnZyRjfxYeDvWftKHVMJIDavgY6KdAa3X4fkNUK+zbtavdOHeAYuTuj0yK
2AMlscbkPbfn5ng/952hS4XbfMQLEpJiW7zBi4vP0uucNZXjNknHzSlDaBsK9Tj+0h47Qt4QvSae
UwVEg/HbiVgJ65wzLFyYypzrd0ozWGQA3acApxyUv37HMaDye7VFBKN/xTjtQp6mgriQ9t+Cyl+p
/xIBB/pwiHlo4gSdr3PVSu52AcdEbv5f2Eud4t6XBcYzfbzsItW0HjdwRrbMWNz9GTCLwtB2r0u7
j9zJNU3dKG+BCEWrmqU+bKPoSqUIvmQCFJdVYw7EAaGk1Nz4+/XBWM4YFO7nAeeHrb1ZDtgfDlRL
ZdskaoGK7/JKeu28EdsCPEOJogAzxmgBfJyn1ou5OxrjKcifTaIX4drWqSttxNnv7QXajX84aa3h
C0DfzXO5UCErqWDDq4zSYQQrqO+5Gd1iuFc6WAFCAyM82lHe/ZK60T35pqKd
=E8QE
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7847-1
October 29, 2025
binutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in GNU binutils.
Software Description:
- binutils: GNU assembler, linker and binary utilities
Details:
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. The attack is restricted to local execution.
(CVE-2025-11082)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7554)
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause crash, execute
arbitrary code or expose sensitive information. (CVE-2025-1147)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2025-1148, CVE-2025-3198, CVE-2025-8225
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash. This issue only
affected Ubuntu 25.04. (CVE-2025-1182)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS.
(CVE-2025-7546)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
binutils 2.44-3ubuntu1.1
binutils-multiarch 2.44-3ubuntu1.1
Ubuntu 24.04 LTS
binutils 2.42-4ubuntu2.6
binutils-multiarch 2.42-4ubuntu2.6
Ubuntu 22.04 LTS
binutils 2.38-4ubuntu2.10
binutils-multiarch 2.38-4ubuntu2.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7847-1
CVE-2025-11082, CVE-2025-11083, CVE-2025-1147, CVE-2025-1148,
CVE-2025-1182, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7545, CVE-2025-7546, CVE-2025-8225
Package Information:
https://launchpad.net/ubuntu/+source/binutils/2.44-3ubuntu1.1
https://launchpad.net/ubuntu/+source/binutils/2.42-4ubuntu2.6
https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.10
No comments:
Post a Comment