ELA-1130-1 binutils security update

two vulnerabilities

2024-07-15
Packagebinutils
Version2.25-5+deb8u2 (jessie), 2.28-5+deb9u1 (stretch), 2.31.1-16+deb10u1 (buster)
Related CVEs CVE-2018-12934 CVE-2018-1000876


Two vulnerabilities have been fixed in binutils, the GNU assembler, linker and binary utilities.

Note that the fix for CVE-2018-12934 removes demangling support for some ancient (e.g. GCC 2.x) mangling schemes

CVE-2018-12934

OOM in c++filt

CVE-2018-1000876

Integer Overflow in objdump


For Debian 10 buster, these problems have been fixed in version 2.31.1-16+deb10u1.

For Debian 8 jessie, these problems have been fixed in version 2.25-5+deb8u2.

For Debian 9 stretch, these problems have been fixed in version 2.28-5+deb9u1.

We recommend that you upgrade your binutils packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.