https://bugzilla.redhat.com/show_bug.cgi?id=1162594
Bug ID: 1162594
Summary: CVE-2014-8502 binutils: heap overflow in objdump
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: vkaigoro@redhat.com
CC: bgollahe@redhat.com, dan@danny.cz, dhowells@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, jakub@redhat.com, kalevlember@gmail.com, kanderso@redhat.com, ktietz@redhat.com, law@redhat.com, lkocman@redhat.com, lkundrak@v3.sk, mfranc@redhat.com, mhlavink@redhat.com, nickc@redhat.com, ohudlick@redhat.com, pfrankli@redhat.com, rjones@redhat.com, rob@robspanton.com, seceng-idm-qe-list@redhat.com, swhiteho@redhat.com, thibault.north@gmail.com, tmlcoch@redhat.com, trond.danielsen@gmail.com
A heap overflow was reported [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862
[3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30cae...
[4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec47d7...
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1156276
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1162598
Depends On| |1162599
Depends On| |1162600
Depends On| |1162601
Depends On| |1162602
Depends On| |1162603
Depends On| |1162604
Depends On| |1162605
Depends On| |1162606
--- Comment #1 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162602]
Affects: epel-all [bug 1162606]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162598
[Bug 1162598] CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162599
[Bug 1162599] CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162600
[Bug 1162600] CVE-2014-8502 binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162601
[Bug 1162601] CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162602
[Bug 1162602] CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162603
[Bug 1162603] CVE-2014-8502 msp430-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162604
[Bug 1162604] CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162605
[Bug 1162605] CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162606
[Bug 1162606] CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [epel-all]
--- Comment #2 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created avr-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162599]
Affects: epel-all [bug 1162604]
--- Comment #3 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created arm-none-eabi-binutils-cs tracking bugs for this issue:
Affects: fedora-all [bug 1162598]
--- Comment #4 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created msp430-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162603]
--- Comment #5 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created cross-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162601]
Affects: epel-all [bug 1162605]
--- Comment #6 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162600]
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What: Summary
Removed: CVE-2014-8502 binutils: heap overflow in objdump
Added: CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=new,dts-3.0/devtoolset-3-binutils=new,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-4/binutils=new,rhel-5/binutils=new,rhel-5/binutils220=new,rhel-6/binutils=new,rhel-6/mingw32-binutils=new,rhel-7/binutils=new,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=defer,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
--- Comment #9 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Statement:
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version| |binutils 2.25
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1168281
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1168302
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=defer,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Bug 1162594 depends on bug 1162598, which changed state.
Bug 1162598 Summary: CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162598
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--- Comment #11 from Fedora Update System updates@fedoraproject.org ---
arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1162594 depends on bug 1162599, which changed state.
Bug 1162599 Summary: CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162599
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--- Comment #12 from Fedora Update System updates@fedoraproject.org ---
avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #13 from Fedora Update System updates@fedoraproject.org ---
avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #14 from Fedora Update System updates@fedoraproject.org ---
arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #15 from Fedora Update System updates@fedoraproject.org ---
avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
--- Comment #16 from Fedora Update System updates@fedoraproject.org ---
arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1172710
Bug 1162594 depends on bug 1162602, which changed state.
Bug 1162602 Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162602
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
Bug 1162594 depends on bug 1162606, which changed state.
Bug 1162606 Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162606
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |CLOSED
Resolution|--- |ERRATA
Bug 1162594 depends on bug 1162601, which changed state.
Bug 1162601 Summary: CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162601
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |CLOSED
Resolution|--- |CURRENTRELEASE
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-sec,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=1.2/AV:L/AC:H/Au:N/C:P/I:N/A:N,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
--- Doc Text *updated* ---
A heap-based buffer overflow flaw was found in the way objdump utility processed certain files. If a user were tricked into running objdump on a specially crafted file, it could cause objdump to crash or potentially execute arbitrary code with the privileges of the user running an executable. The original fix for CVE-2014-8485 was found to be incomplete.
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com ---
It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.
--- Comment #19 from Nick Clifton nickc@redhat.com ---
Created attachment 1043575
  --> https://bugzilla.redhat.com/attachment.cgi?id=1043575&action=edit
Amalgamated patch to fix all of the bugs referenced by PR 1712#c17
--- Comment #20 from Nick Clifton nickc@redhat.com ---
Created attachment 1043578
  --> https://bugzilla.redhat.com/attachment.cgi?id=1043578&action=edit
Corrupt binary that (used to) crash objdump -x
--- Comment #21 from Nick Clifton nickc@redhat.com ---
Created attachment 1043579
  --> https://bugzilla.redhat.com/attachment.cgi?id=1043579&action=edit
Second corrupt binary that (used to) crash objdump -x
--- Comment #22 from Nick Clifton nickc@redhat.com ---
Created attachment 1043580
  --> https://bugzilla.redhat.com/attachment.cgi?id=1043580&action=edit
Corrupt ELF binary that (used to) crash objdump -x
--- Comment #23 from Nick Clifton nickc@redhat.com ---
I have uploaded a patch to fix this BZ, plus the three corrupt binary files (extracted from PR 17512) that used to trigger the bugs.
I am not sure what I should do next. Can someone please advise?
Cheers
  Nick
--- Comment #24 from Jeff Law law@redhat.com ---
Nick, I'll walk you through the various process/procedural stuff Monday. Well, I'll probably send you a howto over the weekend, which you can try Monday morning and if there's questions, we can cover them in IRC Monday.
Nick Clifton nickc@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |MODIFIED
Fixed In Version|binutils 2.25 |binutils-2.23.52.0.1-46.el7
Bug 1162594 depends on bug 1162600, which changed state.
Bug 1162600 Summary: CVE-2014-8502 binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162600
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
Bug 1162594 depends on bug 1162603, which changed state.
Bug 1162603 Summary: CVE-2014-8502 msp430-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162603
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |NEW
Fixed In Version|binutils-2.23.52.0.1-46.el7 |binutils 2.25
Miloš Prchlík mprchlik@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mprchlik@redhat.com
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1210268
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=defer,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Martin Prpic mprpic@redhat.com changed:
What: Whiteboard
Removed: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=affected,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
Added: impact=low,public=20141028,reported=20141111,source=oss-security,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,cwe=CWE-122,dts-2.1/devtoolset-2-binutils=wontfix,dts-3.0/devtoolset-3-binutils=affected,fedora-all/arm-none-eabi-binutils-cs=affected,fedora-all/avr-binutils=affected,fedora-all/binutils=affected,fedora-all/cross-binutils=affected,fedora-all/mingw-binutils=affected,fedora-all/msp430-binutils=affected,rhel-5/binutils=wontfix,rhel-5/binutils220=wontfix,rhel-6/binutils=affected,rhel-6/mingw32-binutils=wontfix,rhel-7/binutils=affected,epel-all/avr-binutils=affected,epel-all/cross-binutils=affected,epel-all/mingw-binutils=affected
--- Comment #25 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html