November 2012 - mingw - Fedora Mailing-Lists

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jan Lieskovsky <jlieskov(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jlieskov(a)redhat.c | |om) | -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jan Kratochvil <jan.kratochvil(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(jlieskov(a)redhat.c | |om) --- Comment #31 from Jan Kratochvil <jan.kratochvil(a)redhat.com> --- Jan, is this bug therefore an "arbitrary code execution" exploitable or not? IMO it is not, therefore it is a normal uninteresting crasher bug which has been fixed upstream now and which is IMO not even worth a backport. There are many such uninteresting invalid-input crasher bugs in GNU toolchain (see Comment 2). -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jan Kratochvil <jan.kratochvil(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Comment #2 is|1 |0 private| | -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 --- Comment #30 from Jan Kratochvil <jan.kratochvil(a)redhat.com> --- (In reply to comment #29) > The following packages actually export the _objalloc_alloc symbol This is incomplete as _objalloc_alloc does not have to be exported but it still can be used inside the binary. Package 'gdb' exports its very every symbol but this is a current bug to be fixed. It is caused due to its linkage with Python: -Xlinker -export-dynamic avr-gdb does not link with Python so it does not wasterfully export everything. Therefore to very avr-gdb one has to verify _objalloc_alloc presence by: # yum install avr-gdb-debuginfo $ nm /usr/lib/debug/usr/bin/avr-gdb.debug | grep -w _objalloc_alloc 00000000005d85c0 T _objalloc_alloc So avr-gdb and probably some other packages should be also listed as affected. -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Bug 849693 depends on bug 877013, which changed state. Bug 877013 Summary: CVE-2012-3509 in bundled libiberty https://bugzilla.redhat.com/show_bug.cgi?id=877013 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jon Ciesla <limburgher(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |877018 -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jon Ciesla <limburgher(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |877017 -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jon Ciesla <limburgher(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |877014 -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jon Ciesla <limburgher(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |877013 -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

by Red Hat Bugzilla

Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693 Jon Ciesla <limburgher(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |877012 -- You are receiving this mail because: You are on the CC list for the bug.

11 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw November 2012