[USN-7847-1] GNU binutils vulnerabilities

Ian Constantin Thu, 30 Oct 2025 03:18:21 -0700

==========================================================================
Ubuntu Security Notice USN-7847-1
October 29, 2025


binutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GNU binutils.

Software Description:
- binutils: GNU assembler, linker and binary utilities

Details:

It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. The attack is restricted to local execution.
(CVE-2025-11082)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7554)

It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause crash, execute
arbitrary code or expose sensitive information. (CVE-2025-1147)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2025-1148, CVE-2025-3198, CVE-2025-8225

It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash. This issue only
affected Ubuntu 25.04. (CVE-2025-1182)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS.
(CVE-2025-7546)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  binutils                        2.44-3ubuntu1.1
  binutils-multiarch              2.44-3ubuntu1.1

Ubuntu 24.04 LTS
  binutils                        2.42-4ubuntu2.6
  binutils-multiarch              2.42-4ubuntu2.6

Ubuntu 22.04 LTS
  binutils                        2.38-4ubuntu2.10
  binutils-multiarch              2.38-4ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7847-1
  CVE-2025-11082, CVE-2025-11083, CVE-2025-1147, CVE-2025-1148,
  CVE-2025-1182, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245,
  CVE-2025-7545, CVE-2025-7546, CVE-2025-8225

Package Information:
  https://launchpad.net/ubuntu/+source/binutils/2.44-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/binutils/2.42-4ubuntu2.6
  https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.10

OpenPGP_signature.asc
Description: OpenPGP digital signature

[USN-7847-1] GNU binutils vulnerabilities

Reply via email to