Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in cross-binutils
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in cross-binutils
ID: FEDORA-2015-0471
Distribution: Fedora
Plattformen: Fedora 20
Datum: Do, 22. Januar 2015, 07:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504

Originalnachricht

Name        : cross-binutils
Product : Fedora 20
Version : 2.25
Release : 3.fc20
URL : http://sources.redhat.com/binutils
Summary : A GNU collection of cross-compilation binary utilities
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), readelf (for displaying detailed
information about binary files), size (for listing the section sizes
of an object or archive file), strings (for listing printable strings
from files), strip (for discarding symbols), and addr2line (for
converting addresses to file and line).

-------------------------------------------------------------------------------
-
Update Information:

Upgrade to binutils-2.25 thus fixing a number of security bugs
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Jan 7 2015 David Howells <dhowells@redhat.com> - 2.25-2
- Fix up the target for SH64 and cease mixing 32-bit SH targets with SH64.
- SH64: Work around flags not getting set on incremental link of .a into .o
[binutils bz 17288].
* Mon Jan 5 2015 David Howells <dhowells@redhat.com> - 2.25-1
- Sync with binutils-2.25 to pick up fixes.
Resolves: BZ #1162577, #1162601, #1162611, #1162625
* Thu Nov 13 2014 David Howells <dhowells@redhat.com> - 2.24-7
- Fix problems with the ar program reported in FSF PR 17533.
Resolves: BZ #1162672, #1162659
* Wed Nov 12 2014 David Howells <dhowells@redhat.com> - 2.24-6
- Sync with binutils to pick up fixes.
- Backport binutils 2.4 upstream branch to pick up more fixes.
* Sat Aug 16 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 2.24-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 David Howells <dhowells@redhat.com> - 2.24-5
- Add NIOS2 arch support.
* Mon Jun 16 2014 David Howells <dhowells@redhat.com> - 2.24-4
- Fix gcc-4.9 new compile error in m68k handler in gas.
* Wed Jun 11 2014 David Howells <dhowells@redhat.com> - 2.24-4
- Sync with binutils-2.24-15 fixing the bfd_set_section_alignment() error [BZ
1106093]
- Apply the changes on binutils-2_24-branch in git to
cab6c3ee9785f072a373afe31253df0451db93cf.
* Fri Mar 28 2014 David Howells <dhowells@redhat.com> - 2.24-2
- A sysroot of / is bad, so make it /usr/<program-prefix>/sys-root/.
* Thu Mar 27 2014 David Howells <dhowells@redhat.com> - 2.24-1
- Fix formatless sprintfs in Score.
* Wed Mar 26 2014 David Howells <dhowells@redhat.com> - 2.24-1
- Update to binutils-2.24-1.
- Add metag arch support.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1162577 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds
write when parsing specially crafted PE executable [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162577
[ 2 ] Bug #1162601 - CVE-2014-8502 cross-binutils: binutils: heap overflow in
objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162601
[ 3 ] Bug #1162611 - CVE-2014-8503 cross-binutils: binutils: stack overflow
in objdump when parsing specially crafted ihex file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162611
[ 4 ] Bug #1162625 - CVE-2014-8504 cross-binutils: binutils: stack overflow
in the SREC parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162625
[ 5 ] Bug #1162659 - cross-binutils: binutils: directory traversal
vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162659
[ 6 ] Bug #1162672 - cross-binutils: binutils: out of bounds memory write
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162672
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update cross-binutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung