[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

bugzilla at redhat.com bugzilla at redhat.com
Wed Oct 31 21:40:07 UTC 2012


https://bugzilla.redhat.com/show_bug.cgi?id=849693

Vincent Danen <vdanen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vdanen at redhat.com

--- Comment #29 from Vincent Danen <vdanen at redhat.com> ---
I've done some additional poking around on this.  In Fedora 17, I've found the
following packages which contain libiberty/objalloc.c:

arm-gp2x-linux-binutils-2.16.1-11.fc17
arm-gp2x-linux-gcc-4.1.2-13.fc17
avr-binutils-2.20-3.fc17
avr-gcc-4.6.3-1.fc17
avr-gdb-7.1-4.fc17
binutils-2.22.52.0.1-10.fc17
CableSwig-3.20.0-6.fc17
compat-gcc-296-2.96-144
compat-gcc-32-3.2.3-68.3
compat-gcc-34-3.4.6-24.fc17
cross-gcc-4.7.1-0.1.20120606.fc17
gcc-4.7.2-2.fc17
gccxml-0.9.0-0.12.20120309.fc17
gdb-7.4.50.20120120-50.fc17
ghdl-0.29-2.143svn.6.fc17
insight-7.4.50-1.20120403cvs.fc17
mingw-binutils-2.22.52-4.fc17
mingw-crt-2.0.999-0.6.trunk.20120601.fc17
mingw-crt-2.0.999-0.6.trunk.20120601.fc17
mingw-gcc-4.7.0-2.fc17
mingw-gdb-7.4.50.20120603-1.fc17
mingw-headers-2.0.999-0.7.trunk.20120601.fc17
mingw-headers-2.0.999-0.7.trunk.20120601.fc17
mingw-w64-tools-2.0.999-0.2.trunk.20120124.fc17
mingw-w64-tools-2.0.999-0.2.trunk.20120124.fc17
mono-debugger-2.10-3.fc17
msp430-binutils-2.19.1-4.fc17
msp430-gcc-3.2.3-6.20100805cvs.fc17
nesc-1.3.4-1.fc17
sh-elf-binutils-2.21-3.fc17

Obviously not all of them compile in or use the affected function.  The
following packages actually export the _objalloc_alloc symbol (this is
incomplete as my tool doesn't have Fedora 17 imported, so this is from Fedora
16):

binutils-2.21.53.0.1-6.fc16 (binutils): _objalloc_alloc in /usr/lib/libbfd-2.21.53.0.1-6.fc16.so
crash-6.0.2-1.fc16 (crash): _objalloc_alloc in /usr/bin/crash
gdb-7.3.50.20110722-10.fc16 (gdb): _objalloc_alloc in /usr/bin/gdb
insight-6.8.1-4.fc15 (insight): _objalloc_alloc in /usr/bin/insight
lush-1.2.1-6.fc12 (lush): _objalloc_alloc in /usr/bin/lush
mono-debugger-2.10-1.fc16 (mono-debugger): _objalloc_alloc in /usr/lib/libmonodebuggerserver.so.0.0.0
mutrace-0.2-2.fc15 (mutrace): _objalloc_alloc in /usr/lib/libmutrace-backtrace-symbols.so

Based on prior discussion, it does not seem that gcc is affected by this, and
the above backs it up unless gcc is hiding the symbols (or my tool is wrong).

It looks as though lush isn't in Fedora 17 so could be ignored, but the
immediate suspects are gdb, binutils, crash, insight, mono-debugger, and
mutrace.  I don't know about, for instance, avr-gdb as it doesn't seem to
export the symbol, but I also don't know if that really means anything (not
sure what avr binaries are or what "remote debugging" is, based on the rpm
description).

If nothing else, this is a list to work off of, at least initially.

I'm hesitant to file tracking bugs for these, however, because a tracking bug
was filed for gdb a month ago for Fedora, and nothing has been done with it
that I can see.  Is there a problem with the patch, or some other reason for
not getting the fix into gdb?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
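
Added example (not part of the bug comment and not the commenter's tool): a minimal check for whether an ELF image defines and exports a symbol such as _objalloc_alloc through .dynsym, the kind of test the comment's symbol list relies on. It assumes ELF64 little-endian input; `exported_symbols`, `build_sample` and the two sample images are hypothetical names constructed for illustration. A symbol missing from .dynsym does not show the code is absent, since a statically linked or hidden copy is not listed there.

```python
import struct

SHT_DYNSYM, SHT_STRTAB, SHN_UNDEF = 11, 3, 0
SHDR = struct.Struct("<IIQQQQIIQQ")   # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")        # Elf64_Sym, 24 bytes

def exported_symbols(elf: bytes) -> set:
    """Names an ELF64 little-endian image defines and exports via .dynsym."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    out = set()
    for _, typ, _, _, off, size, link, *_ in shdrs:
        if typ != SHT_DYNSYM:
            continue
        str_off = shdrs[link][4]              # sh_offset of the linked .dynstr
        for pos in range(off, off + size, SYM.size):
            name, info, other, shndx, _, _ = SYM.unpack_from(elf, pos)
            bound = (info >> 4) in (1, 2)     # STB_GLOBAL or STB_WEAK
            visible = (other & 3) in (0, 3)   # STV_DEFAULT or STV_PROTECTED
            if shndx != SHN_UNDEF and bound and visible:
                start = str_off + name
                out.add(elf[start:elf.index(b"\0", start)].decode())
    return out

def build_sample(symbols) -> bytes:
    """Constructed image; each symbol is (name, st_info, st_other, st_shndx)."""
    strtab, syms = b"\0", SYM.pack(0, 0, 0, 0, 0, 0)
    for name, info, other, shndx in symbols:
        syms += SYM.pack(len(strtab), info, other, shndx, 0, 0)
        strtab += name.encode() + b"\0"
    str_off = 64
    sym_off = str_off + len(strtab)
    shoff = sym_off + len(syms)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(0, SHT_DYNSYM, 0, 0, sym_off, len(syms), 2, 1, 8, 24)
             + SHDR.pack(0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + strtab + syms + shdrs

# Constructed samples: 0x12 = STB_GLOBAL | STT_FUNC; st_shndx 0 means "imported".
SAMPLE_EXPORTING = build_sample([("_objalloc_alloc", 0x12, 0, 1),
                                 ("malloc", 0x12, 0, 0)])
SAMPLE_NOT_EXPORTING = build_sample([("malloc", 0x12, 0, 0),
                                     ("main", 0x12, 0, 1)])
```

On a real system, read the file with `open(path, "rb").read()` and test for `"_objalloc_alloc" in exported_symbols(data)`.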

