| Package | binutils |
|---|---|
| Version | 2.25-5+deb8u2 (jessie), 2.28-5+deb9u1 (stretch), 2.31.1-16+deb10u1 (buster) |
| Related CVEs | CVE-2018-12934 CVE-2018-1000876 |
Two vulnerabilities have been fixed in binutils, the GNU assembler, linker and binary utilities.
Note that the fix for CVE-2018-12934 removes demangling support for some ancient (e.g. GCC 2.x) mangling schemes
CVE-2018-12934
OOM in c++filt
CVE-2018-1000876
Integer Overflow in objdump
For Debian 10 buster, these problems have been fixed in version 2.31.1-16+deb10u1.
For Debian 8 jessie, these problems have been fixed in version 2.25-5+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 2.28-5+deb9u1.
We recommend that you upgrade your binutils packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.