https://bugzilla.redhat.com/show_bug.cgi?id=1162660
Bug ID: 1162660
Summary: mingw-binutils: binutils: directory traversal
vulnerability [fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162655
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[Bug 1162655] binutils: directory traversal vulnerability
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0rCsRfqbK3&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162626
Bug ID: 1162626
Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow
in the SREC parser [fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162621 (CVE-2014-8504)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[Bug 1162621] CVE-2014-8504 binutils: stack overflow in the SREC parser
https://bugzilla.redhat.com/show_bug.cgi?id=1162612
Bug ID: 1162612
Summary: CVE-2014-8503 mingw-binutils: binutils: stack overflow
in objdump when parsing specially crafted ihex file
[fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162607 (CVE-2014-8503)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
[Bug 1162607] CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
https://bugzilla.redhat.com/show_bug.cgi?id=1162602
Bug ID: 1162602
Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow
in objdump [fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162594 (CVE-2014-8502)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[Bug 1162594] CVE-2014-8502 binutils: heap overflow in objdump
https://bugzilla.redhat.com/show_bug.cgi?id=1162583
Bug ID: 1162583
Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds
write when parsing specially crafted PE executable
[epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162570 (CVE-2014-8501)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[Bug 1162570] CVE-2014-8501 binutils: out-of-bounds write when parsing
specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1172633
Bug ID: 1172633
Summary: freetype: OOB stack-based read/write in
cf2_hintmap_build() (incomplete fix for
CVE-2014-2240).
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org,
mkasik(a)redhat.com, rjones(a)redhat.com
It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow. This is due to an incomplete
fix for CVE-2014-2240.
Upstream patch is at [2].
Upstream bug with some additional info is at [3].
This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2
interpreter and hinter); earlier versions are not affected. This is fixed in
2.5.4 [4].
[1]: https://bugs.mageia.org/show_bug.cgi?id=14771
[2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0…
[3]: http://savannah.nongnu.org/bugs/?43661
[4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.
https://bugzilla.redhat.com/show_bug.cgi?id=1162578
Bug ID: 1162578
Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds
write when parsing specially crafted PE executable
[fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162570 (CVE-2014-8501)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[Bug 1162570] CVE-2014-8501 binutils: out-of-bounds write when parsing
specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1172636
Bug ID: 1172636
Summary: mingw-freetype: freetype: OOB stack-based read/write
in cf2_hintmap_build() (incomplete fix for
CVE-2014-2240). [fedora-19]
Product: Fedora
Version: 19
Component: mingw-freetype
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1172633
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-19 tracking bug for mingw-freetype: see blocks bug list for full details
of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1172633
[Bug 1172633] freetype: OOB stack-based read/write in cf2_hintmap_build()
(incomplete fix for CVE-2014-2240).
https://bugzilla.redhat.com/show_bug.cgi?id=1176410
Bug ID: 1176410
Summary: [abrt] mingw64-binutils: make_import_fixup_mark(): ld
killed by SIGSEGV
Product: Fedora
Version: 20
Component: mingw-binutils
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: Bill(a)WRLee.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Description of problem:
Attempting to compile and link a simple c++ test program using MinGW.
Version-Release number of selected component:
mingw64-binutils-2.23.52.0.1-2.fc20
Additional info:
reporter: libreport-2.2.3
backtrace_rating: 4
cmdline:
/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/bin/ld
--sysroot=/usr/x86_64-w64-mingw32/sys-root -m i386pep -Bdynamic -o
testDelimited_Strings /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crt2.o
/usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crtbegin.o
-L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3
-L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/lib/../lib
-L/usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib
-L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/lib
-L/usr/x86_64-w64-mingw32/sys-root/mingw/lib /tmp/ccf402pN.o
Delimited_Strings.o -lpdcurses -lpthread -lusb-1.0 -lstdc++ -lmingw32 -lgcc_s
-lgcc -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32
-lmingw32 -lgcc_s -lgcc -lmoldname -lmingwex -lmsvcrt
/usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crtend.o
crash_function: make_import_fixup_mark
executable: /usr/x86_64-w64-mingw32/bin/ld
kernel: 3.17.6-200.fc20.x86_64
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (7 frames)
#1 make_import_fixup_mark at ../../ld/pe-dll.c:2409
#2 pep_create_import_fixup at ../../ld/pe-dll.c:2613
#3 make_import_fixup at ei386pep.c:1037
#4 pep_walk_relocs_of_symbol at ../../ld/pe-dll.c:1302
#5 pep_find_data_imports at ei386pep.c:1092
#6 gld_i386pep_after_open at ei386pep.c:1191
#7 lang_process at ../../ld/ldlang.c:6713
https://bugzilla.redhat.com/show_bug.cgi?id=1177576
Bug ID: 1177576
Summary: mingw-binutils conflicts rhel6 mingw32-binutils
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Severity: high
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: tis(a)foobar.fi
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Description of problem:
mingw-binutils provides mingw32-binutils, which updates the same package from rhel6.
Please adjust the package or unpush it.