Vulnerabilities in the binutils software package

  • OS details: FED
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

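--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-0750
2015-01-17 04:40:02
--------------------------------------------------------------------------------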

Name : binutils
Product : Fedora 21
Version : 2.24
Release : 30.fc21
URL : http://sources.redhat.com/binutils
Summary : A GNU collection of binary utilities
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), readelf (for displaying detailed
information about binary files), size (for listing the section sizes
of an object or archive file), strings (for listing printable strings
from files), strip (for discarding symbols), and addr2line (for
converting addresses to file and line).

--------------------------------------------------------------------------------
Update Information:

Fix problems with the ar program reported in FSF PR 17533
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 13 2014 Nick Clifton <nickc@redhat.com> - 2.24-30
- Fix problems with the ar program reported in FSF PR 17533.
  Resolves: BZ #1162666, #1162655
* Thu Nov 6 2014 Nick Clifton <nickc@redhat.com> - 2.24-29
- Fix seg-fault when adding symbols via a plugin.
  Resolves: BZ #1149660
* Fri Oct 31 2014 Nick Clifton <nickc@redhat.com> - 2.24-28
- Remove bogus part of addr2line-dynsymtab.patch.
  Resolves: BZ #1157706
* Fri Oct 31 2014 Nick Clifton <nickc@redhat.com> - 2.24-27
- Fix buffer overrun in ihex parser.
- Fix memory corruption in previous patch.
- Consolidate corrupt handling patches into just one patch.
- Default strings command to using -a.
* Wed Oct 29 2014 Nick Clifton <nickc@redhat.com> - 2.24-26
- Fix memory corruption bug introduced by the previous patch.
* Tue Oct 28 2014 Nick Clifton <nickc@redhat.com> - 2.24-25
- Import patches for PR/17510 and PR/17512 to fix reading corrupt ELF binaries.
  Resolves: BZ #1157276, #1157277
* Mon Oct 27 2014 Nick Clifton <nickc@redhat.com> - 2.24-24
- Import patch from mainline to fix seg-fault when reading corrupt group headers.
  Resolves: BZ #1157276, #11527277
* Fri Oct 24 2014 Nick Clifton <nickc@redhat.com> - 2.24-23
- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
  Resolves: BZ #1156272
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1162666 - CVE-2014-8738 binutils: out of bounds memory write
      https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[ 2 ] Bug #1162655 - CVE-2014-8737 binutils: directory traversal vulnerability
      https://bugzilla.redhat.com/show_bug.cgi?id=1162655
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update binutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Author: Tomislav Protega
Cert ID: NCERT-REF-2015-01-0016-ADV
CVE: CVE-2014-8738 CVE-2014-8737
Source ID: FEDORA-2015-0750
Product: binutils
Source: http://www.redhat.com