Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in binutils
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in binutils
ID: FEDORA-2015-0750
Distribution: Fedora
Plattformen: Fedora 21
Datum: Do, 22. Januar 2015, 07:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738

Originalnachricht

Name        : binutils
Product : Fedora 21
Version : 2.24
Release : 30.fc21
URL : http://sources.redhat.com/binutils
Summary : A GNU collection of binary utilities
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), readelf (for displaying detailed
information about binary files), size (for listing the section sizes
of an object or archive file), strings (for listing printable strings
from files), strip (for discarding symbols), and addr2line (for
converting addresses to file and line).

-------------------------------------------------------------------------------
-
Update Information:

Fix problems with the ar program reported in FSF PR 17533
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Nov 13 2014 Nick Clifton <nickc@redhat.com> - 2.24-30
- Fix problems with the ar program reported in FSF PR 17533.
Resolves: BZ #1162666, #1162655
* Thu Nov 6 2014 Nick Clifton <nickc@redhat.com> - 2.24-29
- Fix seg-fault when adding symbols via a plugin.
Resovles: BZ #1149660
* Fri Oct 31 2014 Nick Clifton <nickc@redhat.com> - 2.24-28
- Remove bogus part of addr2line-dynsymtab.patch.
Resovles: BZ #1157706
* Fri Oct 31 2014 Nick Clifton <nickc@redhat.com> - 2.24-27
- Fix buffer overrun in ihex parser.
- Fix memory corruption in previous patch.
- Consoldiate corrupt handling patches into just one patch.
- Default strings command to using -a.
* Wed Oct 29 2014 Nick Clifton <nickc@redhat.com> - 2.24-26
- Fix memory corruption bug introduced by the previous patch.
* Tue Oct 28 2014 Nick Clifton <nickc@redhat.com> - 2.24-25
- Import patches for PR/17510 and PR/17512 to fix reading corrupt ELF binaries.
Resolves: BZ #1157276, #1157277
* Mon Oct 27 2014 Nick Clifton <nickc@redhat.com> - 2.24-24
- Import patch from mainline to fix seg-fault when reading corrupt group
headers.
Resolves: BZ #1157276, #11527277
* Fri Oct 24 2014 Nick Clifton <nickc@redhat.com> - 2.24-23
- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
Resolves: BZ #1156272
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1162666 - CVE-2014-8738 binutils: out of bounds memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[ 2 ] Bug #1162655 - CVE-2014-8737 binutils: directory traversal
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update binutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung