[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Bug ID: 1162570
Summary: CVE-2014-8501 binutils: out-of-bounds write when
parsing specially crafted PE executable
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
It was reported [1] that running strings, nm or objdump on a constructed PE
file [2] leads to out-of bounds write to an unitialized memory area.
Upstream path for this issue is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe
8 years, 5 months
[Bug 1107557] New: CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1107557
Bug ID: 1107557
Summary: CVE-2014-0191 mingw-libxml2: libxml2: external
parameter entity loaded when entity substitution is
disabled [fedora-all]
Product: Fedora
Version: 20
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: scorneli(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1090976 (CVE-2014-0191)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1090976
[Bug 1090976] CVE-2014-0191 libxml2: external parameter entity loaded when
entity substitution is disabled
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DIHWxpqdT4&a=cc_unsubscribe
9 years
[Bug 1090976] CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1090976
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jrusnack(a)redhat.com
Whiteboard|impact=moderate,public=2014 |impact=moderate,public=2014
|0506,reported=20140417,sour |0506,reported=20140417,sour
|ce=redhat,cvss2=4.3/AV:N/AC |ce=redhat,cvss2=4.3/AV:N/AC
|:M/Au:N/C:N/I:N/A:P,rhel-5/ |:M/Au:N/C:N/I:N/A:P,rhel-5/
|libxml2=defer,rhel-6/libxml |libxml2=defer,rhel-6/libxml
|2=affected,rhel-7/libxml2=a |2=affected,rhel-7/libxml2=a
|ffected,rhel-6/mingw32-libx |ffected,rhel-6/mingw32-libx
|ml2=wontfix,fedora-all/libx |ml2=wontfix,fedora-all/libx
|ml2=affected,fedora-all/min |ml2=affected,fedora-all/min
|gw-libxml2=affected,epel-7/ |gw-libxml2=affected,epel-7/
|mingw-libxml2=affected |mingw-libxml2=affected,cwe=
| |CWE-611
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RePBFgbFCA&a=cc_unsubscribe
9 years