Univention Bugzilla – Bug 36983
binutils: Multiple issues (4.0)
Last modified: 2015-03-25 16:38:03 CET
+++ This bug was initially created as a clone of Bug #36982 +++ Multiple security issues have been found in binutils and the included bfd library, which is e.g. used by strings(1), nm, objdump or gdb: Invalid read in libbfd (CVE-2014-8484) Buffer overflow in libbfd (CVE-2014-8485) Out of bounds write when parsing PE executables (CVE-2014-8501) Heap overflow in objdump (CVE-2014-8502) Buffer overflow in objdump when parsing ihex files (CVE-2014-8503) Buffer overflow in parsing S-Records (CVE-2014-8504) Directory traversal in ar and objcopy (CVE-2014-8737) Out of bounds write in ar (CVE-2014-8738)
Tests (amd64): OK Advisory: 2015-03-17-binutils.yaml
OK: apt-cache policy binutils # 2.22-8.30.201503161736 OK: aptitude install '?source-package(binutils)?installed' # i386 amd64 OK: zless /usr/share/doc/binutils/changelog.Debian.gz OK: CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 OK: errata-announce -V 2015-03-17-binutils.yaml FIXED: 2015-03-17-binutils.yaml -> r59299
<http://errata.univention.de/ucs/4.0/128.html>