CVE-2016-2226 Ubuntu Security Notification for Libiberty Vulnerabilities (USN-3368-1)

It was discovered that libiberty incorrectly handled certain string operations.

It was discovered that libiberty incorrectly handled parsing certain binaries.

It was discovered that libiberty incorrectly handled parsing certain binaries.

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. (CVE-2016-4491)

Refer to Ubuntu advisory USN-3368-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3368-1: 14.04 (Kylin) on src (libiberty-dev)

USN-3368-1: 17.04 (zesty) on src (libiberty-dev)

USN-3368-1: 16.04 (Xenial) on src (libiberty-dev)