https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Bug ID: 1162570 Summary: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: vkaigoro@redhat.com CC: bgollahe@redhat.com, dan@danny.cz, dhowells@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, jakub@redhat.com, kalevlember@gmail.com, kanderso@redhat.com, ktietz@redhat.com, law@redhat.com, lkocman@redhat.com, lkundrak@v3.sk, mfranc@redhat.com, mhlavink@redhat.com, nickc@redhat.com, ohudlick@redhat.com, pfrankli@redhat.com, rjones@redhat.com, rob@robspanton.com, seceng-idm-qe-list@redhat.com, swhiteho@redhat.com, thibault.north@gmail.com, tmlcoch@redhat.com, trond.danielsen@gmail.com
It was reported [1] that running strings, nm or objdump on a constructed PE file [2] leads to out-of bounds write to an unitialized memory area. Upstream path for this issue is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb...
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1156276
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1162574 Depends On| |1162575 Depends On| |1162576 Depends On| |1162577 Depends On| |1162578 Depends On| |1162580 Depends On| |1162581 Depends On| |1162582 Depends On| |1162583
--- Comment #1 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162578] Affects: epel-all [bug 1162583]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162574 [Bug 1162574] CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162575 [Bug 1162575] CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162576 [Bug 1162576] CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162577 [Bug 1162577] CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162578 [Bug 1162578] CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162580 [Bug 1162580] CVE-2014-8501 msp430-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162581 [Bug 1162581] CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162582 [Bug 1162582] CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162583 [Bug 1162583] CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #2 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created avr-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162575] Affects: epel-all [bug 1162581]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #3 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created arm-none-eabi-binutils-cs tracking bugs for this issue:
Affects: fedora-all [bug 1162574]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #4 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created msp430-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162580]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #5 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created cross-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162577] Affects: epel-all [bug 1162582]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #6 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1162576]
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-787 |u:N/C:P/I:N/A:N,cwe=CWE-787 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=new,dts-3.0/devtoolset- |ils=new,dts-3.0/devtoolset- |3-binutils=new,fedora-all/a |3-binutils=new,fedora-all/a |rm-none-eabi-binutils-cs=af |rm-none-eabi-binutils-cs=af |fected,fedora-all/avr-binut |fected,fedora-all/avr-binut |ils=affected,fedora-all/bin |ils=affected,fedora-all/bin |utils=affected,fedora-all/c |utils=affected,fedora-all/c |ross-binutils=affected,fedo |ross-binutils=affected,fedo |ra-all/mingw-binutils=affec |ra-all/mingw-binutils=affec |ted,fedora-all/msp430-binut |ted,fedora-all/msp430-binut |ils=affected,rhel-4/binutil |ils=affected,rhel-5/binutil |s=new,rhel-5/binutils=new,r |s=new,rhel-5/binutils220=ne |hel-5/binutils220=new,rhel- |w,rhel-6/binutils=new,rhel- |6/binutils=new,rhel-6/mingw |6/mingw32-binutils=new,rhel |32-binutils=new,rhel-7/binu |-7/binutils=new,epel-all/av |tils=new,epel-all/avr-binut |r-binutils=affected,epel-al |ils=affected,epel-all/cross |l/cross-binutils=affected,e |-binutils=affected,epel-all |pel-all/mingw-binutils=affe |/mingw-binutils=affected |cted
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-787 |u:N/C:P/I:N/A:N,cwe=CWE-787 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=new,dts-3.0/devtoolset- |ils=affected,dts-3.0/devtoo |3-binutils=new,fedora-all/a |lset-3-binutils=affected,fe |rm-none-eabi-binutils-cs=af |dora-all/arm-none-eabi-binu |fected,fedora-all/avr-binut |tils-cs=affected,fedora-all |ils=affected,fedora-all/bin |/avr-binutils=affected,fedo |utils=affected,fedora-all/c |ra-all/binutils=affected,fe |ross-binutils=affected,fedo |dora-all/cross-binutils=aff |ra-all/mingw-binutils=affec |ected,fedora-all/mingw-binu |ted,fedora-all/msp430-binut |tils=affected,fedora-all/ms |ils=affected,rhel-5/binutil |p430-binutils=affected,rhel |s=new,rhel-5/binutils220=ne |-5/binutils=wontfix,rhel-5/ |w,rhel-6/binutils=new,rhel- |binutils220=wontfix,rhel-6/ |6/mingw32-binutils=new,rhel |binutils=affected,rhel-6/mi |-7/binutils=new,epel-all/av |ngw32-binutils=defer,rhel-7 |r-binutils=affected,epel-al |/binutils=affected,epel-all |l/cross-binutils=affected,e |/avr-binutils=affected,epel |pel-all/mingw-binutils=affe |-all/cross-binutils=affecte |cted |d,epel-all/mingw-binutils=a | |ffected
--- Comment #7 from Vasyl Kaigorodov vkaigoro@redhat.com --- Statement:
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |binutils 2.25
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1168281
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1168302
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-787 |u:N/C:P/I:N/A:N,cwe=CWE-787 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=affected,dts-3.0/devtoo |ils=affected,dts-3.0/devtoo |lset-3-binutils=affected,fe |lset-3-binutils=affected,fe |dora-all/arm-none-eabi-binu |dora-all/arm-none-eabi-binu |tils-cs=affected,fedora-all |tils-cs=affected,fedora-all |/avr-binutils=affected,fedo |/avr-binutils=affected,fedo |ra-all/binutils=affected,fe |ra-all/binutils=affected,fe |dora-all/cross-binutils=aff |dora-all/cross-binutils=aff |ected,fedora-all/mingw-binu |ected,fedora-all/mingw-binu |tils=affected,fedora-all/ms |tils=affected,fedora-all/ms |p430-binutils=affected,rhel |p430-binutils=affected,rhel |-5/binutils=wontfix,rhel-5/ |-5/binutils=wontfix,rhel-5/ |binutils220=wontfix,rhel-6/ |binutils220=wontfix,rhel-6/ |binutils=affected,rhel-6/mi |binutils=affected,rhel-6/mi |ngw32-binutils=defer,rhel-7 |ngw32-binutils=wontfix,rhel |/binutils=affected,epel-all |-7/binutils=affected,epel-a |/avr-binutils=affected,epel |ll/avr-binutils=affected,ep |-all/cross-binutils=affecte |el-all/cross-binutils=affec |d,epel-all/mingw-binutils=a |ted,epel-all/mingw-binutils |ffected |=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-sec,cvss2=1.2/AV:L/AC:H/A |u:N/C:P/I:N/A:N,cwe=CWE-787 |u:N/C:P/I:N/A:N,cwe=CWE-787 |,dts-2.1/devtoolset-2-binut |,dts-2.1/devtoolset-2-binut |ils=affected,dts-3.0/devtoo |ils=affected,dts-3.0/devtoo |lset-3-binutils=affected,fe |lset-3-binutils=affected,fe |dora-all/arm-none-eabi-binu |dora-all/arm-none-eabi-binu |tils-cs=affected,fedora-all |tils-cs=affected,fedora-all |/avr-binutils=affected,fedo |/avr-binutils=affected,fedo |ra-all/binutils=affected,fe |ra-all/binutils=affected,fe |dora-all/cross-binutils=aff |dora-all/cross-binutils=aff |ected,fedora-all/mingw-binu |ected,fedora-all/mingw-binu |tils=affected,fedora-all/ms |tils=affected,fedora-all/ms |p430-binutils=affected,rhel |p430-binutils=affected,rhel |-5/binutils=wontfix,rhel-5/ |-5/binutils=wontfix,rhel-5/ |binutils220=wontfix,rhel-6/ |binutils220=wontfix,rhel-6/ |binutils=affected,rhel-6/mi |binutils=affected,rhel-6/mi |ngw32-binutils=wontfix,rhel |ngw32-binutils=wontfix,rhel |-7/binutils=affected,epel-a |-7/binutils=defer,epel-all/ |ll/avr-binutils=affected,ep |avr-binutils=affected,epel- |el-all/cross-binutils=affec |all/cross-binutils=affected |ted,epel-all/mingw-binutils |,epel-all/mingw-binutils=af |=affected |fected
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162574, which changed state.
Bug 1162574 Summary: CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162574
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #9 from Fedora Update System updates@fedoraproject.org --- arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162575, which changed state.
Bug 1162575 Summary: CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162575
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #10 from Fedora Update System updates@fedoraproject.org --- avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #11 from Fedora Update System updates@fedoraproject.org --- avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #12 from Fedora Update System updates@fedoraproject.org --- arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #13 from Fedora Update System updates@fedoraproject.org --- avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #14 from Fedora Update System updates@fedoraproject.org --- arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1172710
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162578, which changed state.
Bug 1162578 Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162578
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162583, which changed state.
Bug 1162583 Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162583
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162577, which changed state.
Bug 1162577 Summary: CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162577
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |CURRENTRELEASE
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-sec,cvss2=1.2/AV:L/AC:H/A |s-security,cvss2=1.2/AV:L/A |u:N/C:P/I:N/A:N,cwe=CWE-787 |C:H/Au:N/C:P/I:N/A:N,cwe=CW |,dts-2.1/devtoolset-2-binut |E-787,dts-2.1/devtoolset-2- |ils=affected,dts-3.0/devtoo |binutils=affected,dts-3.0/d |lset-3-binutils=affected,fe |evtoolset-3-binutils=affect |dora-all/arm-none-eabi-binu |ed,fedora-all/arm-none-eabi |tils-cs=affected,fedora-all |-binutils-cs=affected,fedor |/avr-binutils=affected,fedo |a-all/avr-binutils=affected |ra-all/binutils=affected,fe |,fedora-all/binutils=affect |dora-all/cross-binutils=aff |ed,fedora-all/cross-binutil |ected,fedora-all/mingw-binu |s=affected,fedora-all/mingw |tils=affected,fedora-all/ms |-binutils=affected,fedora-a |p430-binutils=affected,rhel |ll/msp430-binutils=affected |-5/binutils=wontfix,rhel-5/ |,rhel-5/binutils=wontfix,rh |binutils220=wontfix,rhel-6/ |el-5/binutils220=wontfix,rh |binutils=affected,rhel-6/mi |el-6/binutils=affected,rhel |ngw32-binutils=wontfix,rhel |-6/mingw32-binutils=wontfix |-7/binutils=defer,epel-all/ |,rhel-7/binutils=defer,epel |avr-binutils=affected,epel- |-all/avr-binutils=affected, |all/cross-binutils=affected |epel-all/cross-binutils=aff |,epel-all/mingw-binutils=af |ected,epel-all/mingw-binuti |fected |ls=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-security,cvss2=1.2/AV:L/A |s-security,cvss2=2.6/AV:L/A |C:H/Au:N/C:P/I:N/A:N,cwe=CW |C:H/Au:N/C:P/I:N/A:P,cwe=CW |E-787,dts-2.1/devtoolset-2- |E-787,dts-2.1/devtoolset-2- |binutils=affected,dts-3.0/d |binutils=affected,dts-3.0/d |evtoolset-3-binutils=affect |evtoolset-3-binutils=affect |ed,fedora-all/arm-none-eabi |ed,fedora-all/arm-none-eabi |-binutils-cs=affected,fedor |-binutils-cs=affected,fedor |a-all/avr-binutils=affected |a-all/avr-binutils=affected |,fedora-all/binutils=affect |,fedora-all/binutils=affect |ed,fedora-all/cross-binutil |ed,fedora-all/cross-binutil |s=affected,fedora-all/mingw |s=affected,fedora-all/mingw |-binutils=affected,fedora-a |-binutils=affected,fedora-a |ll/msp430-binutils=affected |ll/msp430-binutils=affected |,rhel-5/binutils=wontfix,rh |,rhel-5/binutils=wontfix,rh |el-5/binutils220=wontfix,rh |el-5/binutils220=wontfix,rh |el-6/binutils=affected,rhel |el-6/binutils=affected,rhel |-6/mingw32-binutils=wontfix |-6/mingw32-binutils=wontfix |,rhel-7/binutils=defer,epel |,rhel-7/binutils=defer,epel |-all/avr-binutils=affected, |-all/avr-binutils=affected, |epel-all/cross-binutils=aff |epel-all/cross-binutils=aff |ected,epel-all/mingw-binuti |ected,epel-all/mingw-binuti |ls=affected |ls=affected
--- Doc Text *updated* --- A stack-based buffer overflow flaw was found in the way binutils utilities processed certain files. If a user were tricked into running some binutils utility on a specially crafted file, it could cause such an executable to crash or potentially execute arbitrary code with the privileges of the user running an executable.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #17 from Nick Clifton nickc@redhat.com --- Hi Guys,
The recently uploaded patch for BZ 1162594 also fixes this bug:
https://bugzilla.redhat.com/attachment.cgi?id=1043575&action=diff
Cheers Nick
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Nick Clifton nickc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED Fixed In Version|binutils 2.25 |binutils-2.23.52.0.1-46.el7
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162576, which changed state.
Bug 1162576 Summary: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162576
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug 1162570 depends on bug 1162580, which changed state.
Bug 1162580 Summary: CVE-2014-8501 msp430-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162580
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |NEW Fixed In Version|binutils-2.23.52.0.1-46.el7 |binutils 2.25
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Miloš Prchlík mprchlik@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mprchlik@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1210268
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-security,cvss2=2.6/AV:L/A |s-security,cvss2=2.6/AV:L/A |C:H/Au:N/C:P/I:N/A:P,cwe=CW |C:H/Au:N/C:P/I:N/A:P,cwe=CW |E-787,dts-2.1/devtoolset-2- |E-787,dts-2.1/devtoolset-2- |binutils=affected,dts-3.0/d |binutils=affected,dts-3.0/d |evtoolset-3-binutils=affect |evtoolset-3-binutils=affect |ed,fedora-all/arm-none-eabi |ed,fedora-all/arm-none-eabi |-binutils-cs=affected,fedor |-binutils-cs=affected,fedor |a-all/avr-binutils=affected |a-all/avr-binutils=affected |,fedora-all/binutils=affect |,fedora-all/binutils=affect |ed,fedora-all/cross-binutil |ed,fedora-all/cross-binutil |s=affected,fedora-all/mingw |s=affected,fedora-all/mingw |-binutils=affected,fedora-a |-binutils=affected,fedora-a |ll/msp430-binutils=affected |ll/msp430-binutils=affected |,rhel-5/binutils=wontfix,rh |,rhel-5/binutils=wontfix,rh |el-5/binutils220=wontfix,rh |el-5/binutils220=wontfix,rh |el-6/binutils=affected,rhel |el-6/binutils=affected,rhel |-6/mingw32-binutils=wontfix |-6/mingw32-binutils=wontfix |,rhel-7/binutils=defer,epel |,rhel-7/binutils=affected,e |-all/avr-binutils=affected, |pel-all/avr-binutils=affect |epel-all/cross-binutils=aff |ed,epel-all/cross-binutils= |ected,epel-all/mingw-binuti |affected,epel-all/mingw-bin |ls=affected |utils=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141026, |impact=low,public=20141026, |reported=20141111,source=os |reported=20141111,source=os |s-security,cvss2=2.6/AV:L/A |s-security,cvss2=2.6/AV:L/A |C:H/Au:N/C:P/I:N/A:P,cwe=CW |C:H/Au:N/C:P/I:N/A:P,cwe=CW |E-787,dts-2.1/devtoolset-2- |E-787,dts-2.1/devtoolset-2- |binutils=affected,dts-3.0/d |binutils=wontfix,dts-3.0/de |evtoolset-3-binutils=affect |vtoolset-3-binutils=affecte |ed,fedora-all/arm-none-eabi |d,fedora-all/arm-none-eabi- |-binutils-cs=affected,fedor |binutils-cs=affected,fedora |a-all/avr-binutils=affected |-all/avr-binutils=affected, |,fedora-all/binutils=affect |fedora-all/binutils=affecte |ed,fedora-all/cross-binutil |d,fedora-all/cross-binutils |s=affected,fedora-all/mingw |=affected,fedora-all/mingw- |-binutils=affected,fedora-a |binutils=affected,fedora-al |ll/msp430-binutils=affected |l/msp430-binutils=affected, |,rhel-5/binutils=wontfix,rh |rhel-5/binutils=wontfix,rhe |el-5/binutils220=wontfix,rh |l-5/binutils220=wontfix,rhe |el-6/binutils=affected,rhel |l-6/binutils=affected,rhel- |-6/mingw32-binutils=wontfix |6/mingw32-binutils=wontfix, |,rhel-7/binutils=affected,e |rhel-7/binutils=affected,ep |pel-all/avr-binutils=affect |el-all/avr-binutils=affecte |ed,epel-all/cross-binutils= |d,epel-all/cross-binutils=a |affected,epel-all/mingw-bin |ffected,epel-all/mingw-binu |utils=affected |tils=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
--- Comment #18 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html