Not a user yet?
Log in Register for free Suggest a product
Update

USN-7919-1: GNU binutils vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7919-1: GNU binutils vulnerabilities

Publication date: 10 December 2025
Overview: Several security issues were fixed in GNU binutils.

Details
It was discovered that GNU binutils’ dump_dwarf_section function could be
manipulated to perform an out-of-bounds read. A local attacker could
possibly use this issue to cause GNU binutils to crash, resulting in a
denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11081)

It was discovered that GNU binutils incorrectly handled certain files. A
local attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 25.10.
(CVE-2025-11082)

It was discovered that GNU binutils incorrectly handled certain inputs. A
local attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue was only fixed in Ubuntu 25.10.
(CVE-2025-11083)

It was discovered that certain GNU binutils functions could be manipulated
to perform out-of-bounds reads. A local attacker could possibly use this
issue to cause GNU binutils to crash, resulting in a denial of service.
(CVE-2025-11412, CVE-2025-11413, CVE-2025-11414)

It was discovered that GNU binutils’ _bfd_x86_elf_late_size_sections
function could be manipulated to perform an out-of-bounds read. A local
attacker could possibly use this issue to cause GNU binutils to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04,
and Ubuntu 25.10. (CVE-2025-11494)

It was discovered that GNU binutils’ elf_x86_64_relocate_section function
could be manipulated to cause a heap-based buffer overflow. A local
attacker could possibly use this issue to cause GNU binutils to crash,
resulting in a denial of service. This issue was only fixed in Ubuntu
25.04 and Ubuntu 25.10. (CVE-2025-11495)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • binutils – 2.45-7ubuntu1.2
  • binutils-multiarch – 2.45-7ubuntu1.2

25.04 plucky

  • binutils – 2.44-3ubuntu1.3
  • binutils-multiarch – 2.44-3ubuntu1.3

24.04 LTS noble

  • binutils – 2.42-4ubuntu2.8
  • binutils-multiarch – 2.42-4ubuntu2.8

22.04 LTS jammy

  • binutils – 2.38-4ubuntu2.12
  • binutils-multiarch – 2.38-4ubuntu2.12

20.04 LTS focal binutils

  • 2.34-6ubuntu1.11+esm2
  • binutils-multiarch – 2.34-6ubuntu1.11+esm2

18.04 LTS bionic

  • binutils – 2.30-21ubuntu1~18.04.9+esm13
  • binutils-multiarch – 2.30-21ubuntu1~18.04.9+esm13

16.04 LTS xenial

  • binutils – 2.26.1-1ubuntu1~16.04.8+esm14
  • binutils-multiarch – 2.26.1-1ubuntu1~16.04.8+esm14

14.04 LTS trusty

  • binutils – 2.24-5ubuntu14.2+esm8
  • binutils-multiarch – 2.24-5ubuntu14.2+esm8
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad