{"id":"MGASA-2018-0046","summary":"Updated binutils packages fix security vulnerability","details":"Exploitable buffer overflow (CVE-2016-2226).\n\nInvalid write due to a use-after-free to array btypevec (CVE-2016-4487).\n\nInvalid write due to a use-after-free to array ktypevec (CVE-2016-4488).\n\nInvalid write due to integer overflow (CVE-2016-4489).\n\nWrite access violation (CVE-2016-4490).\n\nWrite access violations (CVE-2016-4492).\n\nRead access violations (CVE-2016-4493).\n\nStack buffer overflow when printing bad bytes in Intel Hex objects\n(CVE-2016-6131).\n\nreadelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read\nwhile processing corrupt RL78 binaries. The vulnerability can trigger\nprogram crashes. It may lead to an information leak as well\n(CVE-2017-6969).\n\nobjdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer\nover-reads (of size 1 and size 8) while handling corrupt STABS enum type\nstrings in a crafted object file, leading to program crash\n(CVE-2017-7210).\n","modified":"2026-02-02T03:10:43.104862Z","published":"2018-01-03T14:22:14Z","related":["CVE-2016-2226","CVE-2016-4487","CVE-2016-4488","CVE-2016-4489","CVE-2016-4490","CVE-2016-4492","CVE-2016-4493","CVE-2016-6131","CVE-2017-6969","CVE-2017-7210"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0046.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22288"},{"type":"REPORT","url":"https://lwn.net/Alerts/694764/"}],"affected":[{"package":{"name":"binutils","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/binutils?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24-12.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0046.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}