USN-7847-1: GNU binutils vulnerabilities

USN-7847-1: GNU binutils vulnerabilities

Publication date : 29 October 2025
Overview: Several security issues were fixed in GNU binutils.

Packages
binutils - GNU assembler, linker and binary utilities

Details
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. The attack is restricted to local execution.
(CVE-2025-11082)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7554)

It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause crash, execute
arbitrary code or expose sensitive information. (CVE-2025-1147)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2025-1148, CVE-2025-3198, CVE-2025-8225

It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash. This issue only
affected Ubuntu 25.04. (CVE-2025-1182)

It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbritrary code.
This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS.
(CVE-2025-7546)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

25.04 plucky

• binutils – 2.44-3ubuntu1.1
• binutils-multiarch – 2.44-3ubuntu1.1
  24.04 LTS noble
• binutils – 2.42-4ubuntu2.6
• binutils-multiarch – 2.42-4ubuntu2.6
  22.04 LTS jammy
• binutils – 2.38-4ubuntu2.10
• binutils-multiarch – 2.38-4ubuntu2.10