Bug 36983 - binutils: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
P3 normal
UCS 4.0-1-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
Depends on: 36982
Reported: 2014-11-25 07:07 CET by Moritz Muehlenhoff
Modified: 2015-03-25 16:38 CET
Description Moritz Muehlenhoff univentionstaff 2014-11-25 07:07:18 CET
+++ This bug was initially created as a clone of Bug #36982 +++

Multiple security issues have been found in binutils and the included bfd library,
which is e.g. used by strings(1), nm, objdump or gdb:

Invalid read in libbfd (CVE-2014-8484)  
Buffer overflow in libbfd (CVE-2014-8485)
Out of bounds write when parsing PE executables (CVE-2014-8501) 
Heap overflow in objdump (CVE-2014-8502)
Buffer overflow in objdump when parsing ihex files (CVE-2014-8503)
Buffer overflow in parsing S-Records (CVE-2014-8504)
Directory traversal in ar and objcopy (CVE-2014-8737)
Out of bounds write in ar (CVE-2014-8738)
Comment 1 Janek Walkenhorst univentionstaff 2015-03-17 18:56:21 CET
Tests (amd64): OK
Advisory: 2015-03-17-binutils.yaml
Comment 2 Philipp Hahn univentionstaff 2015-03-20 15:56:22 CET
OK: apt-cache policy binutils # 2.22-8.30.201503161736
OK: aptitude install '?source-package(binutils)?installed' # i386 amd64
OK: zless /usr/share/doc/binutils/changelog.Debian.gz
OK: CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738

OK: errata-announce -V 2015-03-17-binutils.yaml
FIXED: 2015-03-17-binutils.yaml -> r59299
Comment 3 Janek Walkenhorst univentionstaff 2015-03-25 16:38:03 CET
<http://errata.univention.de/ucs/4.0/128.html>