[Bug 1162621] New: CVE-2014-8504 binutils: stack overflow in the SREC parser
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
Bug ID: 1162621
Summary: CVE-2014-8504 binutils: stack overflow in the SREC
parser
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow issue was reported [1] in SREC parser in binutils.
Upstream patch that fixes this issue is at [2].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
[2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe
8 years, 4 months
[Bug 1162607] New: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
Bug ID: 1162607
Summary: CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow was reported [1] in objdump when parsing a crafted ihex file
[2].
Upstream patch is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869
[3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc5...
8 years, 4 months
[Bug 1162594] New: CVE-2014-8502 binutils: heap overflow in objdump
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
Bug ID: 1162594
Summary: CVE-2014-8502 binutils: heap overflow in objdump
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
A heap overflow was reported [1] when running objdump on a specially crafted PE
executable [2].
Upstream patches that address this are at [3] and [4].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862
[3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30...
[4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec4...
8 years, 4 months
[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Bug ID: 1162570
Summary: CVE-2014-8501 binutils: out-of-bounds write when
parsing specially crafted PE executable
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
It was reported [1] that running strings, nm or objdump on a constructed PE
file [2] leads to an out-of-bounds write to an uninitialized memory area.
Upstream patch for this issue is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849
[3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24...
8 years, 4 months
[Bug 1212162] New: Exception handling corrupts a VLA
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1212162
Bug ID: 1212162
Summary: Exception handling corrupts a VLA
Product: Fedora
Version: 21
Component: mingw32-gcc
Assignee: rjones(a)redhat.com
Reporter: hedayatv(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, rjones(a)redhat.com
Description of problem:
Code:
-----------------------------------------------------------------
#include <iostream>
#include <cstring>
#include <sstream>
#include <stdexcept>

using namespace std;

int main(int argc, char **argv)
{
    int n;
    stringstream ss(argv[1]);
    ss >> n;
    cout << "N: " << n << endl;
    char tbuff[n];
    try
    {
        memset(tbuff, 0, n);
        throw runtime_error("ERR");
    }
    catch (exception &e)
    {
        cout << "Writing to VLA" << endl;
        memset(tbuff, 0, n);
        cout << "Wrote" << endl;
    }
}
-----------------------------------------------------------------
Compiled with:
/usr/bin/i686-w64-mingw32-g++ -O2 test.cpp -o t
Run with wine (similar results under Windows) results in crash:
[]% ./t 100
fixme:winediag:start_process Wine Staging is a testing version containing
experimental patches.
fixme:winediag:start_process Please report bugs at http://bugs.wine-staging.com
(instead of winehq.org).
N: 100
Writing to VLA
wine: Unhandled page fault on read access to 0x00000000 at address (nil)
(thread 0009), starting debugger...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x00000000).
....
Version-Release number of selected component (if applicable):
mingw32-gcc-c++-4.9.2-1.fc21.x86_64
How reproducible:
100%
8 years, 4 months
mingw-wine-gecko 2.40 requirements
by Michael Cronenworth
Hello,
Another wine-gecko update brings another set of updated headers needed to build it.
The following header files must be updated to their latest version.
locationapi.h
textstor.h
msinkaut.h NEW
msinkaut_i.c NEW
d2d1_1helper.h
versionhelpers.h NEW
sdkddkver.h
The locationapi library must also be shipped in the CRT.
Thanks,
Michael
8 years, 7 months
[Bug 787067] CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=787067
Adam Mariš <amaris(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |amaris(a)redhat.com
Whiteboard|impact=moderate,public=2012 |impact=moderate,public=2012
|0221,reported=20120116,sour |0221,reported=20120116,sour
|ce=rt,cvss2=5.0/AV:N/AC:L/A |ce=researcher,cvss2=5.0/AV:
|u:N/C:N/I:N/A:P,rhel-4/libx |N/AC:L/Au:N/C:N/I:N/A:P,rhe
|ml2=affected,rhel-5/libxml2 |l-4/libxml2=affected,rhel-5
|=affected,rhel-6/libxml2=af |/libxml2=affected,rhel-6/li
|fected,rhel-6/mingw32-libxm |bxml2=affected,rhel-6/mingw
|l2=affected,fedora-all/libx |32-libxml2=affected,fedora-
|ml2=affected,fedora-all/min |all/libxml2=affected,fedora
|gw32-libxml2=affected,epel- |-all/mingw32-libxml2=affect
|5/mingw32-libxml2=affected, |ed,epel-5/mingw32-libxml2=a
|cwe=CWE-407 |ffected,cwe=CWE-407
8 years, 8 months
[Bug 608644] CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=608644
Martin Prpic <mprpic(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|public=20100625,reported=20 |public=20100625,reported=20
|100626,source=bugzilla,rhel |100626,source=internet,rhel
|-3/libpng=affected/impact=l |-3/libpng=affected/impact=l
|ow/cvss2=4.3/AV:N/AC:M/Au:N |ow/cvss2=4.3/AV:N/AC:M/Au:N
|/C:N/I:N/A:P/,rhel-4/libpng |/C:N/I:N/A:P/,rhel-4/libpng
|=affected/impact=low/cvss2= |=affected/impact=low/cvss2=
|4.3/AV:N/AC:M/Au:N/C:N/I:N/ |4.3/AV:N/AC:M/Au:N/C:N/I:N/
|A:P/,rhel-5/libpng=affected |A:P/,rhel-5/libpng=affected
|/impact=low/cvss2=4.3/AV:N/ |/impact=low/cvss2=4.3/AV:N/
|AC:M/Au:N/C:N/I:N/A:P/,rhel |AC:M/Au:N/C:N/I:N/A:P/,rhel
|-6/libpng=affected/impact=l |-6/libpng=affected/impact=l
|ow/cvss2=4.3/AV:N/AC:M/Au:N |ow/cvss2=4.3/AV:N/AC:M/Au:N
|/C:N/I:N/A:P/,fedora-all/li |/C:N/I:N/A:P/,fedora-all/li
|bpng=affected/impact=low/cv |bpng=affected/impact=low/cv
|ss2=4.3/AV:N/AC:M/Au:N/C:N/ |ss2=4.3/AV:N/AC:M/Au:N/C:N/
|I:N/A:P/,fedora-all/mingw32 |I:N/A:P/,fedora-all/mingw32
|-libpng=affected/impact=low |-libpng=affected/impact=low
|/cvss2=4.3/AV:N/AC:M/Au:N/C |/cvss2=4.3/AV:N/AC:M/Au:N/C
|:N/I:N/A:P/,fedora-all/libp |:N/I:N/A:P/,fedora-all/libp
|ng10=affected/impact=low/cv |ng10=affected/impact=low/cv
|ss2=4.3/AV:N/AC:M/Au:N/C:N/ |ss2=4.3/AV:N/AC:M/Au:N/C:N/
|I:N/A:P/,rhel-3/libpng10=af |I:N/A:P/,rhel-3/libpng10=af
|fected/impact=low/cvss2=4.3 |fected/impact=low/cvss2=4.3
|/AV:N/AC:M/Au:N/C:N/I:N/A:P |/AV:N/AC:M/Au:N/C:N/I:N/A:P
|/,rhel-4/libpng10=affected/ |/,rhel-4/libpng10=affected/
|impact=low/cvss2=4.3/AV:N/A |impact=low/cvss2=4.3/AV:N/A
|C:M/Au:N/C:N/I:N/A:P/ |C:M/Au:N/C:N/I:N/A:P/
8 years, 8 months
[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=849693
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jrusnack(a)redhat.com
Whiteboard|impact=moderate,public=2012 |impact=moderate,public=2012
|0829,reported=20120820,sour |0829,reported=20120820,sour
|ce=linux-distros,cvss2=6.8/ |ce=distros,cvss2=6.8/AV:N/A
|AV:N/AC:M/Au:N/C:P/I:P/A:P, |C:M/Au:N/C:P/I:P/A:P,rhel-5
|rhel-5/compat-gcc-295=notaf |/compat-gcc-295=notaffected
|fected,rhel-5/compat-gcc-29 |,rhel-5/compat-gcc-296=nota
|6=notaffected,rhel-5/compat |ffected,rhel-5/compat-gcc-3
|-gcc-32=notaffected,rhel-5/ |2=notaffected,rhel-5/compat
|compat-gcc-34=notaffected,r |-gcc-34=notaffected,rhel-5/
|hel-5/binutils=new,rhel-5/b |binutils=new,rhel-5/binutil
|inutils220=new,rhel-5/gcc=n |s220=new,rhel-5/gcc=notaffe
|otaffected,rhel-5/gcc44=not |cted,rhel-5/gcc44=notaffect
|affected,rhel-5/gdb=notaffe |ed,rhel-5/gdb=notaffected,r
|cted,rhel-5/crash=new,rhel- |hel-5/crash=new,rhel-6/comp
|6/compat-gcc-295=notaffecte |at-gcc-295=notaffected,rhel
|d,rhel-6/compat-gcc-296=not |-6/compat-gcc-296=notaffect
|affected,rhel-6/compat-gcc- |ed,rhel-6/compat-gcc-32=not
|32=notaffected,rhel-6/compa |affected,rhel-6/compat-gcc-
|t-gcc-34=notaffected,rhel-6 |34=notaffected,rhel-6/gcc=n
|/gcc=notaffected,rhel-6/gdb |otaffected,rhel-6/gdb=notaf
|=notaffected,rhel-6/crash=n |fected,rhel-6/crash=new,rhe
|ew,rhel-6/binutils=new,rhel |l-6/binutils=new,rhel-6/min
|-6/mingw32-binutils=new,rhe |gw32-binutils=new,rhel-6/mi
|l-6/mingw32-gcc=notaffected |ngw32-gcc=notaffected,fedor
|,fedora-all/gcc=notaffected |a-all/gcc=notaffected,fedor
|,fedora-all/crash=new,fedor |a-all/crash=new,fedora-all/
|a-all/gdb=notaffected,fedor |gdb=notaffected,fedora-all/
|a-all/binutils=new,fedora-a |binutils=new,fedora-all/com
|ll/compat-gcc-296=notaffect |pat-gcc-296=notaffected,fed
|ed,fedora-all/compat-gcc-32 |ora-all/compat-gcc-32=notaf
|=notaffected,fedora-all/com |fected,fedora-all/compat-gc
|pat-gcc-34=notaffected,fedo |c-34=notaffected,fedora-16/
|ra-16/mingw32-gcc=notaffect |mingw32-gcc=notaffected,epe
|ed,epel-5/mingw32-gcc=notaf |l-5/mingw32-gcc=notaffected
|fected,fedora-16/mingw32-bi |,fedora-16/mingw32-binutils
|nutils=new,epel-5/mingw32-b |=new,epel-5/mingw32-binutil
|inutils=new,fedora-all/insi |s=new,fedora-all/insight=ne
|ght=new,epel-5/insight=new, |w,epel-5/insight=new,fedora
|fedora-all/mono-debugger=ne |-all/mono-debugger=new,fedo
|w,fedora-all/mutrace=new,fe |ra-all/mutrace=new,fedora-a
|dora-all/arm-gp2x-linux-bin |ll/arm-gp2x-linux-binutils=
|utils=new,fedora-all/avr-bi |new,fedora-all/avr-binutils
|nutils=new,epel-6/avr-binut |=new,epel-6/avr-binutils=ne
|ils=new,fedora-all/avr-gdb= |w,fedora-all/avr-gdb=new,ep
|new,epel-6/avr-gdb=new,fedo |el-6/avr-gdb=new,fedora-raw
|ra-rawhide/binutils=affecte |hide/binutils=affected
|d |
8 years, 8 months