[Bug 1162655] New: binutils: directory traversal vulnerability
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
Bug ID: 1162655
Summary: binutils: directory traversal vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Directory traversal vulnerability allowing random files deleteion/creation was
reported [1] in binutils.
Upstream patch is in [2].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
[2]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bEUzAveurp&a=cc_unsubscribe
8 years, 5 months
[Bug 1162621] New: CVE-2014-8504 binutils: stack overflow in the SREC parser
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
Bug ID: 1162621
Summary: CVE-2014-8504 binutils: stack overflow in the SREC
parser
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow issue was reported [1] in SREC parser in binutils.
Upstream patch that fixes this issue is at [2].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
[2]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe
8 years, 5 months
[Bug 1162607] New: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
Bug ID: 1162607
Summary: CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow was reported [1] in objdump when parsing a crafted ihex file
[2].
Upstream patch is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc5...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fWj88qzSHL&a=cc_unsubscribe
8 years, 5 months
[Bug 1162594] New: CVE-2014-8502 binutils: heap overflow in objdump
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
Bug ID: 1162594
Summary: CVE-2014-8502 binutils: heap overflow in objdump
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
A heap overflow was reborted [1] when running objdump on a specially crafted PE
executable [2].
Upstream patches that address this are at [3] and [4].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30...
[4]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec4...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pnYCBTnBr5&a=cc_unsubscribe
8 years, 5 months
[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Bug ID: 1162570
Summary: CVE-2014-8501 binutils: out-of-bounds write when
parsing specially crafted PE executable
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
It was reported [1] that running strings, nm or objdump on a constructed PE
file [2] leads to out-of bounds write to an unitialized memory area.
Upstream path for this issue is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe
8 years, 5 months