GNU binutils Vulnerabilities Addressed in EOL Ubuntu Systems
GNU binutils is a set of programming tools for creating and managing binary programs and object files on various computer architectures. It includes an assembler, a linker, and tools for inspecting and manipulating binary files. These tools are essential for compiling source code into executable programs and libraries. Recently, several GNU binutils vulnerabilities have been fixed in various Ubuntu releases, including EOL Ubuntu systems: Ubuntu 18.04, Ubuntu 16.04, and Ubuntu 14.04.
In this article, we will delve into the details of these vulnerabilities and provide mitigation measures to fortify your systems.
GNU binutils Vulnerabilities Overview
CVE-2017-17122, CVE-2017-8421
A deficiency was detected in GNU binutils’ memory allocation operations, primarily impacting Ubuntu 14.04 LTS. This oversight could result in excessive memory consumption, opening the door for denial of service attacks.
CVE-2018-20671, CVE-2018-6543
GNU binutils did not properly perform bounds checks when objdump processed debug sections. This vulnerability, which affects only Ubuntu 14.04 LTS, could lead to an overflow, potentially enabling denial of service or arbitrary code execution.
CVE-2022-35205
An assertion vulnerability was uncovered in GNU binutils, affecting Ubuntu 18.04 LTS. Crafted DWARF files could trigger intentional assertion failures, leading to potential denial of service incidents.
CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011
Several functions within GNU binutils were found to mishandle memory management operations, resulting in memory leaks and consequent excessive memory consumption. These vulnerabilities pose a significant risk of denial of service attacks.
CVE-2022-48063
Yet another instance of inadequate bounds checks in memory allocation operations was discovered, posing a risk of excessive memory consumption and subsequent denial of service attacks.
Mitigating Vulnerabilities in End-of-Life Systems
It is crucial for system administrators and users to promptly apply the necessary security updates to address GNU binutils vulnerabilities in Ubuntu 18.04, Ubuntu 16.04, and Ubuntu 14.04. However, after the end of support for these systems, security fixes are only available with Ubuntu Pro. Alternatively, you can consider an affordable option, TuxCare's Extended Lifecycle Support for Ubuntu 16.04 and Ubuntu 18.04. TuxCare offers five years of additional security support with vendor-grade security patches after the end-of-life date. It ensures robust protection against evolving threats and keeps your systems protected against potential exploits.
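Where a binutils tool on a host that has not yet received the fix must process object files from an untrusted source, the failure modes described above (runaway memory consumption and assertion aborts) can be contained at the process level. The following wrapper is an added example, not code from this article or from USN-6413-1; it assumes a Linux host, a hypothetical argv such as `["objdump", "--dwarf", "untrusted.o"]`, and the shell commands in the demonstration are stand-ins constructed here so it runs without binutils installed.

```python
import resource
import signal
import subprocess
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class GuardedResult:
    status: str                 # "ok", "failed", "crashed" or "timeout"
    returncode: Optional[int]   # None when the tool was killed on timeout
    signal_name: Optional[str]  # e.g. "SIGABRT" for an assertion failure
    stderr: str


def _apply_limits(max_address_space: int):
    """Runs in the child before exec: cap the address space so a runaway
    allocation fails inside the tool instead of exhausting the host, and
    disable core dumps for aborted runs."""
    def preexec():
        resource.setrlimit(resource.RLIMIT_AS, (max_address_space, max_address_space))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return preexec


def run_guarded(cmd: List[str], max_address_space: int = 512 * 1024 ** 2,
                timeout: float = 30.0) -> GuardedResult:
    """Run a binutils-style command under a memory cap and a wall-clock limit."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout,
                              preexec_fn=_apply_limits(max_address_space))
    except subprocess.TimeoutExpired as exc:
        err = (exc.stderr or b"").decode(errors="replace")
        return GuardedResult("timeout", None, None, err)
    err = proc.stderr.decode(errors="replace")
    if proc.returncode < 0:
        # Negative return code: the child died from a signal. An assertion
        # failure (abort()) shows up here as SIGABRT.
        sig = signal.Signals(-proc.returncode).name
        return GuardedResult("crashed", proc.returncode, sig, err)
    if proc.returncode == 0:
        return GuardedResult("ok", 0, None, err)
    # Non-zero exit: the tool reported an error itself, which is also what a
    # failed allocation looks like once the address-space cap is hit.
    return GuardedResult("failed", proc.returncode, None, err)


if __name__ == "__main__":
    # Constructed stand-ins: an assertion-style abort and a hang.
    for argv in (["sh", "-c", "kill -s ABRT $$"], ["sleep", "5"]):
        print(argv, run_guarded(argv, timeout=1.0))
```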
Discover the risks of running end-of-life Linux operating systems. If you have any queries about Extended Lifecycle Support, ask us a question and one of our Linux security experts will get back to you.
Source: USN-6413-1