https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1162622 Depends On| |1162623 Depends On| |1162624 Depends On| |1162625 Depends On| |1162626 Depends On| |1162627 Depends On| |1162628 Depends On| |1162629 Depends On| |1162630 --- Comment #1 from Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162626] Affects: epel-all [bug 1162630] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162622 [Bug 1162622] CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162623 [Bug 1162623] CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162624 [Bug 1162624] CVE-2014-8504 binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162625 [Bug 1162625] CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162626 [Bug 1162626] CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162627 [Bug 1162627] CVE-2014-8504 msp430-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162628 [Bug 1162628] CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162629 [Bug 1162629] CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162630 [Bug 1162630] CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [epel-all] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JNoJ8pK1SZ&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #3 from Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- Created arm-none-eabi-binutils-cs tracking bugs for this issue: Affects: fedora-all [bug 1162622] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NfLfzMzkL6&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #5 from Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- Created cross-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162625] Affects: epel-all [bug 1162629] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0NiVSMB5ZW&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141027, |impact=low,public=20141027, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-121 |u:N/C:P/I:N/A:N,cwe=CWE-121 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=new,dts-3.0/devtoolset- |ils=affected,dts-3.0/devtoo |3-binutils=new,fedora-all/a |lset-3-binutils=affected,fe |rm-none-eabi-binutils-cs=af |dora-all/arm-none-eabi-binu |fected,fedora-all/avr-binut |tils-cs=affected,fedora-all |ils=affected,fedora-all/bin |/avr-binutils=affected,fedo |utils=affected,fedora-all/c |ra-all/binutils=affected,fe |ross-binutils=affected,fedo |dora-all/cross-binutils=aff |ra-all/mingw-binutils=affec |ected,fedora-all/mingw-binu |ted,fedora-all/msp430-binut |tils=affected,fedora-all/ms |ils=affected,rhel-4/binutil |p430-binutils=affected,rhel |s=new,rhel-5/binutils=new,r |-5/binutils=wontfix,rhel-5/ |hel-5/binutils220=new,rhel- |binutils220=wontfix,rhel-6/ |6/binutils=new,rhel-6/mingw |binutils=affected,rhel-6/mi |32-binutils=new,rhel-7/binu |ngw32-binutils=defer,rhel-7 |tils=new,epel-all/avr-binut |/binutils=affected,epel-all |ils=affected,epel-all/cross |/avr-binutils=affected,epel |-binutils=affected,epel-all |-all/cross-binutils=affecte |/mingw-binutils=affected |d,epel-all/mingw-binutils=a | |ffected --- Comment #7 from Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Jdl2MIApoQ&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1168281 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0h9h2a0oFP&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Tomas Hoger <thoger(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141027, |impact=low,public=20141027, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-121 |u:N/C:P/I:N/A:N,cwe=CWE-121 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=affected,dts-3.0/devtoo |ils=affected,dts-3.0/devtoo |lset-3-binutils=affected,fe |lset-3-binutils=affected,fe |dora-all/arm-none-eabi-binu |dora-all/arm-none-eabi-binu |tils-cs=affected,fedora-all |tils-cs=affected,fedora-all |/avr-binutils=affected,fedo |/avr-binutils=affected,fedo |ra-all/binutils=affected,fe |ra-all/binutils=affected,fe |dora-all/cross-binutils=aff |dora-all/cross-binutils=aff |ected,fedora-all/mingw-binu |ected,fedora-all/mingw-binu |tils=affected,fedora-all/ms |tils=affected,fedora-all/ms |p430-binutils=affected,rhel |p430-binutils=affected,rhel |-5/binutils=wontfix,rhel-5/ |-5/binutils=wontfix,rhel-5/ |binutils220=wontfix,rhel-6/ |binutils220=wontfix,rhel-6/ |binutils=affected,rhel-6/mi |binutils=affected,rhel-6/mi |ngw32-binutils=defer,rhel-7 |ngw32-binutils=wontfix,rhel |/binutils=affected,epel-all |-7/binutils=affected,epel-a |/avr-binutils=affected,epel |ll/avr-binutils=affected,ep |-all/cross-binutils=affecte |el-all/cross-binutils=affec |d,epel-all/mingw-binutils=a |ted,epel-all/mingw-binutils |ffected |=affected -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=EiCDCBAeWS&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug 1162621 depends on bug 1162622, which changed state. Bug 1162622 Summary: CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162622 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fnQlGkYrSb&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug 1162621 depends on bug 1162623, which changed state. Bug 1162623 Summary: CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162623 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XJo4DAlrgC&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #11 from Fedora Update System <updates(a)fedoraproject.org&gt; --- avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=p8Y7pjp0y7&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #13 from Fedora Update System <updates(a)fedoraproject.org&gt; --- avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=23yEOQrBoc&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1172710 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=be6fAygTVV&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug 1162621 depends on bug 1162630, which changed state. Bug 1162630 Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162630 What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VTKyN4YGwY&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #16 from Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- Reproducer for this is available at http://lcamtuf.coredump.cx/strings-stack-overflow - just run "strings" utility on that crafted file. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=vXEAfOALm7&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Doc Text *updated* by Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; --- A stack-based buffer overflow flaw was found in the SREC parser of libbfd library. If a user were tricked into running a binutils utility on a specially crafted file, it could cause this utility to crash or potentially execute arbitrary code with the privileges of the user running that utility. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=597onrW2Sd&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Doc Text *updated* by Martin Prpic <mprpic(a)redhat.com&gt; --- A stack-based buffer overflow flaw was found in the way objdump processed IHEX files. A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JHGhahFAay&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #18 from Nick Clifton <nickc(a)redhat.com&gt; --- Created attachment 1043598 --> https://bugzilla.redhat.com/attachment.cgi?id=1043598&action=edit Patch imported from PR 17510 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AI7dhUUmFR&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Nick Clifton <nickc(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED Fixed In Version|binutils 2.25 |(binutils-2.23.52.0.1-48.el | |7 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=eCA5W5FpBj&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug 1162621 depends on bug 1162627, which changed state. Bug 1162627 Summary: CVE-2014-8504 msp430-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162627 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Z8TG45Ifdo&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Miloš Prchlík <mprchlik(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mprchlik(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wWJDNf87zG&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141027, |impact=low,public=20141027, |reported=20141111,source=os |reported=20141111,source=os |s-security,cvss2=1.2/AV:L/A |s-security,cvss2=1.2/AV:L/A |C:H/Au:N/C:P/I:N/A:N,cwe=CW |C:H/Au:N/C:P/I:N/A:N,cwe=CW |E-121,dts-2.1/devtoolset-2- |E-121,dts-2.1/devtoolset-2- |binutils=affected,dts-3.0/d |binutils=affected,dts-3.0/d |evtoolset-3-binutils=affect |evtoolset-3-binutils=affect |ed,fedora-all/arm-none-eabi |ed,fedora-all/arm-none-eabi |-binutils-cs=affected,fedor |-binutils-cs=affected,fedor |a-all/avr-binutils=affected |a-all/avr-binutils=affected |,fedora-all/binutils=affect |,fedora-all/binutils=affect |ed,fedora-all/cross-binutil |ed,fedora-all/cross-binutil |s=affected,fedora-all/mingw |s=affected,fedora-all/mingw |-binutils=affected,fedora-a |-binutils=affected,fedora-a |ll/msp430-binutils=affected |ll/msp430-binutils=affected |,rhel-5/binutils=wontfix,rh |,rhel-5/binutils=wontfix,rh |el-5/binutils220=wontfix,rh |el-5/binutils220=wontfix,rh |el-6/binutils=affected,rhel |el-6/binutils=affected,rhel |-6/mingw32-binutils=wontfix |-6/mingw32-binutils=wontfix |,rhel-7/binutils=defer,epel |,rhel-7/binutils=affected,e |-all/avr-binutils=affected, |pel-all/avr-binutils=affect |epel-all/cross-binutils=aff |ed,epel-all/cross-binutils= |ected,epel-all/mingw-binuti |affected,epel-all/mingw-bin |ls=affected |utils=affected -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SVzlzObxRs&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 --- Comment #20 from errata-xmlrpc <errata-xmlrpc(a)redhat.com&gt; --- This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XsM165aHgB&a=cc_unsubscribe