You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa avr-binutils

Sigurnosni nedostaci programskog paketa avr-binutils

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-14838
2014-11-13 16:51:44
——————————————————————————–

Name : avr-binutils
Product : Fedora 19
Version : 2.24
Release : 3.fc19
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native x86_64 platform.

——————————————————————————–
Update Information:

– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
——————————————————————————–
ChangeLog:

* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-3
– fix CVE-2014-8738: out of bounds memory write
* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-2
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
* Wed Aug 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-1
– updated to 2.24
* Mon Feb 3 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-4
– avr-binutils may be affected by libiberty CVE (#1059362)
* Tue Aug 13 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-3
– fix tex again
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:2.23.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 24 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-1
– updated to 2.23.2
* Tue Jun 18 2013 Jaromir Capik <jcapik@redhat.com> – 1:2.23.1-4
– autoreconf -vif doesn’t work -> patching for aarch64 support (#925061)
* Fri Apr 19 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.1-3
– fix aarch64 support (#925061)
——————————————————————————–
References:

[ 1 ] Bug #1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[ 2 ] Bug #1162594 – CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[ 3 ] Bug #1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[ 4 ] Bug #1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[ 5 ] Bug #1162666 – CVE-2014-8738 binutils: out of bounds memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update avr-binutils’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-14963
2014-11-13 17:02:48
——————————————————————————–

Name : avr-binutils
Product : Fedora 20
Version : 2.24
Release : 3.fc20
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native arm platform.

——————————————————————————–
Update Information:

– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
——————————————————————————–
ChangeLog:

* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-3
– fix CVE-2014-8738: out of bounds memory write
* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-2
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
* Wed Aug 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-1
– updated to 2.24
* Mon Feb 3 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-4
– avr-binutils may be affected by libiberty CVE (#1059362)
——————————————————————————–
References:

[ 1 ] Bug #1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[ 2 ] Bug #1162594 – CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[ 3 ] Bug #1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[ 4 ] Bug #1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[ 5 ] Bug #1162666 – CVE-2014-8738 binutils: out of bounds memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update avr-binutils’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarijo Plepelic
Cert idNCERT-REF-2014-12-0013-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni propusti programskog paketa clamav

Otkrivena su dva sigurnosna propusta programskog paketa clamav za SUSE LE. Kod prvog propusta određene javascript datoteke uzrokuju pokušaje pristupanja...

Close