[Bug 1092759] New: gzseek calls can incorrectly position the file.
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1092759
Bug ID: 1092759
Summary: gzseek calls can incorrectly position the file.
Product: Fedora
Version: 19
Component: mingw-zlib
Assignee: rjones(a)redhat.com
Reporter: tsteven4(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Created attachment 890969
--> https://bugzilla.redhat.com/attachment.cgi?id=890969&action=edit
zlib gzseek test case
Description of problem: gzseek can incorrectly hit EOF, causing subsequent
gzread calls to fail.
Version-Release number of selected component (if applicable):
mingw32-zlib-1.2.7-2.fc19.noarch
How reproducible:
100%
Steps to Reproduce:
1. Unzip test case zlib_test2.zip provided.
2. Run test2 script to compile the test case.
3. Execute test case by running testz2.exe under Windows. testz2.exe, zlib1.dll and test.data all need to be in the directory testz2.exe is executed from.
Actual results:
Got 0
Expected results:
Got 4
Additional info:
A possible patch with zlib 1.2.8 is listed below, although this might be a
configuration problem. offset, which is of type z_off64_t, ends up being 32
bits as configured.
--- gzlib.c 2013-03-24 23:47:59.000000000 -0600
+++ gzlib.patch.c 2014-04-27 15:34:38.496808069 -0600
@@ -393,7 +393,7 @@
/* if within raw area while reading, just go there */
if (state->mode == GZ_READ && state->how == COPY &&
state->x.pos + offset >= 0) {
- ret = LSEEK(state->fd, offset - state->x.have, SEEK_CUR);
+ ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR);
if (ret == -1)
return -1;
state->x.have = 0;
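Review bot: the cast on the `+` line needs a comment saying why it is there, and it does not address the configuration problem the report describes. The cast suggests state->x.have is an unsigned type, so `offset - state->x.have` is evaluated unsigned when offset is no wider than it; a one-line comment on `offset - (z_off64_t)state->x.have` stating that would stop a later cleanup from dropping the cast. The report says z_off64_t ends up 32 bits as configured, and this change leaves that as it is, so the type selection should be fixed separately. Note also that `if (ret == -1)` only catches a failed seek; a seek that succeeds at an unintended position passes this check, which fits the reported symptom of a later gzread returning 0.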
I have reported this to zlib(a)gzip.org but haven't received any response yet.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=t37ShhxD8T&a=cc_unsubscribe
9 years, 3 months
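The arithmetic behind the report above, modelled in isolation as an added example (not code from the report or from zlib). The typedefs and function names are hypothetical, and it assumes a 32-bit signed offset type, a 32-bit unsigned buffered-byte count, and a seek primitive that takes a 64-bit offset.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not zlib code. Assumptions: the offset type is 32-bit
   signed (as the report says it ends up configured), the buffered-byte count
   is 32-bit unsigned, and the seek primitive takes a 64-bit signed offset. */
typedef int32_t  model_off_t;   /* hypothetical stand-in for z_off64_t */
typedef uint32_t model_have_t;  /* hypothetical stand-in for state->x.have */

/* Unpatched form: the signed operand is converted to unsigned, so a negative
   difference wraps modulo 2^32 and is then zero-extended to 64 bits. */
int64_t seek_delta_unpatched(model_off_t offset, model_have_t have)
{
    return offset - have;
}

/* Patched form: have is converted to the signed type first, so the
   difference stays signed and is sign-extended to 64 bits. */
int64_t seek_delta_patched(model_off_t offset, model_have_t have)
{
    return offset - (model_off_t)have;
}

/* Descriptor position after a SEEK_CUR by delta; -1 models a failed seek. */
int64_t position_after_seek(int64_t fd_pos, int64_t delta)
{
    int64_t pos = fd_pos + delta;
    return pos < 0 ? -1 : pos;
}

/* Bytes a following read could still return from a file of file_size bytes. */
int64_t bytes_readable(int64_t pos, int64_t file_size)
{
    return (pos < 0 || pos >= file_size) ? 0 : file_size - pos;
}

int main(void)
{
    /* Constructed state: 16-byte file fully read into the buffer (descriptor
       at 16), 12 bytes still unconsumed, caller seeks 4 bytes forward. */
    const int64_t file_size = 16, fd_pos = 16;
    const model_off_t offset = 4;
    const model_have_t have = 12;

    int64_t bad  = position_after_seek(fd_pos, seek_delta_unpatched(offset, have));
    int64_t good = position_after_seek(fd_pos, seek_delta_patched(offset, have));
    printf("unpatched: pos=%lld readable=%lld\n",
           (long long)bad, (long long)bytes_readable(bad, file_size));
    printf("patched:   pos=%lld readable=%lld\n",
           (long long)good, (long long)bytes_readable(good, file_size));
    return 0;
}
```

The two forms agree whenever the offset is at least the buffered count; they diverge only when the difference is negative, which is why the seek reports success while landing far past end of file.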
[Bug 1162678] New: mingw-binutils: binutils: out of bounds memory write [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162678
Bug ID: 1162678
Summary: mingw-binutils: binutils: out of bounds memory write
[epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162666
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[Bug 1162666] binutils: out of bounds memory write
[Bug 1162665] New: mingw-binutils: binutils: directory traversal vulnerability [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162665
Bug ID: 1162665
Summary: mingw-binutils: binutils: directory traversal
vulnerability [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162655
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[Bug 1162655] binutils: directory traversal vulnerability
[Bug 1162630] New: CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162630
Bug ID: 1162630
Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow
in the SREC parser [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162621 (CVE-2014-8504)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[Bug 1162621] CVE-2014-8504 binutils: stack overflow in the SREC parser
[Bug 1162619] New: CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162619
Bug ID: 1162619
Summary: CVE-2014-8503 mingw-binutils: binutils: stack overflow
in objdump when parsing specially crafted ihex file
[epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162607 (CVE-2014-8503)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
[Bug 1162607] CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
[Bug 1162606] New: CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162606
Bug ID: 1162606
Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow
in objdump [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162594 (CVE-2014-8502)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[Bug 1162594] CVE-2014-8502 binutils: heap overflow in objdump
[Bug 1162673] New: mingw-binutils: binutils: out of bounds memory write [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162673
Bug ID: 1162673
Summary: mingw-binutils: binutils: out of bounds memory write
[fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162666
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[Bug 1162666] binutils: out of bounds memory write
[Bug 1162660] New: mingw-binutils: binutils: directory traversal vulnerability [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162660
Bug ID: 1162660
Summary: mingw-binutils: binutils: directory traversal
vulnerability [fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162655
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[Bug 1162655] binutils: directory traversal vulnerability
[Bug 1162626] New: CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1162626
Bug ID: 1162626
Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow
in the SREC parser [fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162621 (CVE-2014-8504)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[Bug 1162621] CVE-2014-8504 binutils: stack overflow in the SREC parser