Blog com notícias sobre, Linux, Android, Segurança , etc

Previous message (by thread): [PATCH] bfd/ELF: nds32_convert_{16_to_32,32_to_16}() are exposed to gas Next message (by thread): Sourceware Open House Friday - service upgrades, migration and isolation Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Hi, We are pleased to announce that version 2.45.1 of the GNU Binutils project sources have been released and are now available for download at: https://ftp.gnu.org/gnu/binutils https://sourceware.org/pub/binutils/releases/ This release is signed by my key: pub rsa4096/0x1F3D03348DB1A3E2 2020-03-04 [C] Key fingerprint = 5EF3 A411 71BB 77E6 110E D2D0 1F3D 0334 8DB1 A3E2 uid [ultimate] Sam James <sam@cmpct.info> uid [ultimate] Sam James <sam@gentoo.org> uid [ultimate] Sam James <sjames@sourceware.org> Key fingerprint = 60EA 4FBF FB83 5333 9CAA D4F2 F492 2810 EEA0 483B Key fingerprint = DF1D 4946 63A9 7AC5 66CA 42B2 58AC 1BFA 75E5 6A76 Key fingerprint = 922B A006 C9D9 A556 0F62 6473 870C 05CA 5294 50D3 Key fingerprint = 165E 63C6 75E6 63F7 CCFD E923 8771 8F61 0A3F 8A87 Key fingerprint = 25A6 BB88 DD9B 764C 6B55 41C2 7384 09F5 20DF 9190 Key fingerprint = CA59 4D4A 1F00 898E 3019 3C54 5861 1564 C7C4 D9D4 You can obtain my key via: gpg --recv-keys 5EF3A41171BB77E6110ED2D01F3D03348DB1A3E2 Or as a last resort to find the key, you can try the official GNU keyring: wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg gpg --keyring gnu-keyring.gpg --verify binutils-2.45.1.tar.gz.sig (etc) It's my first time making a release for GNU Binutils. I've tried my best to carefully follow Nick's instructions in binutils/README-how-to-make-a-release and feedback welcome. This is a point release over the previous 2.45 version, containing bug fixes and one new feature to help with a glibc bugfix: bfd will now mark binaries with GLIBC_ABI_GNU_TLS (i386), GLIBC_ABI_GNU2_TLS (x86-64, i386), and GLIBC_ABI_DT_X86_64_PLT (x86-64) where appropriate on GNU/Linux systems. The former two symbols have been backported to all applicable release branches for glibc. The latter was already there. Please make sure your branch is tracking the appropriate release branch for the version of glibc you ship - this is important in general, not just for this issue. This is needed to identify binaries built with a fixed glibc version for TLS. At configure-time, this can be disabled with --enable-gnu-tls-tag, --disable-gnu2-tls-tag, or --disable-mark-plt respectively. Note that the mark PLT configure option is not new, just we now use GLIBC_ABI_DT_X86_64_PLT as a tag instead of reusing GLIBC_2.36. Our thanks go out to all of the binutils contributors, past and present, for helping to make this release possible. Here is a list of the bugs that have been fixed: PR33244 PR29292 PR33161 PR33162 PR33194 PR33162 PR33230 PR33246 PR33409 PR33130 PR33213 PR33287 PR33562 PR33584 sam -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 418 bytes Desc: not available URL: <https://sourceware.org/pipermail/binutils/attachments/20251112/75f1ab3c/attachment.sig>

Most interesting is AMD's new AVX-512 BMM. The new AVX-512 BMM instructions are new bit manipulation instructions for matrix multiply and bit reversal.

AMD has begun their open-source compiler enablement upstreaming effort for Zen 6 processors! The first "Znver6" patch was sent out on Friday in preparing for new instructions to be found with these next-generation AMD Ryzen and EPYC processors...

Origin

It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. The attack is restricted to local execution. (CVE-2025-11082) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245, CVE-2025-7554) It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause crash, execute arbitrary code or expose sensitive information. (CVE-2025-1147) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-1148, CVE-2025-3198, CVE-2025-8225 It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 25.04. (CVE-2025-1182) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbritrary code. This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS. (CVE-2025-7546)

Origin

Origin

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

CVE-2025-11495: A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locall...

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

CVE-2025-11414: A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The ...

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.