[SECURITY] Fedora 20 Update: cross-binutils-2.25-3.fc20

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 21 23:05:23 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-0471
2015-01-09 11:07:06
--------------------------------------------------------------------------------

Name        : cross-binutils
Product     : Fedora 20
Version     : 2.25
Release     : 3.fc20
URL         : http://sources.redhat.com/binutils
Summary     : A GNU collection of cross-compilation binary utilities
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), readelf (for displaying detailed
information about binary files), size (for listing the section sizes
of an object or archive file), strings (for listing printable strings
from files), strip (for discarding symbols), and addr2line (for
converting addresses to file and line).

--------------------------------------------------------------------------------
Update Information:

Upgrade to binutils-2.25 thus fixing a number of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan  7 2015 David Howells <dhowells at redhat.com> - 2.25-2
- Fix up the target for SH64 and cease mixing 32-bit SH targets with SH64.
- SH64: Work around flags not getting set on incremental link of .a into .o [binutils bz 17288].
* Mon Jan  5 2015 David Howells <dhowells at redhat.com> - 2.25-1
- Sync with binutils-2.25 to pick up fixes.
  Resolves: BZ #1162577, #1162601, #1162611, #1162625
* Thu Nov 13 2014 David Howells <dhowells at redhat.com> - 2.24-7
- Fix problems with the ar program reported in FSF PR 17533.
  Resolves: BZ #1162672, #1162659
* Wed Nov 12 2014 David Howells <dhowells at redhat.com> - 2.24-6
- Sync with binutils to pick up fixes.
- Backport binutils 2.4 upstream branch to pick up more fixes.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.24-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 David Howells <dhowells at redhat.com> - 2.24-5
- Add NIOS2 arch support.
* Mon Jun 16 2014 David Howells <dhowells at redhat.com> - 2.24-4
- Fix gcc-4.9 new compile error in m68k handler in gas.
* Wed Jun 11 2014 David Howells <dhowells at redhat.com> - 2.24-4
- Sync with binutils-2.24-15 fixing the bfd_set_section_alignment() error [BZ 1106093]
- Apply the changes on binutils-2_24-branch in git to cab6c3ee9785f072a373afe31253df0451db93cf.
* Fri Mar 28 2014 David Howells <dhowells at redhat.com> - 2.24-2
- A sysroot of / is bad, so make it /usr/<program-prefix>/sys-root/.
* Thu Mar 27 2014 David Howells <dhowells at redhat.com> - 2.24-1
- Fix formatless sprintfs in Score.
* Wed Mar 26 2014 David Howells <dhowells at redhat.com> - 2.24-1
- Update to binutils-2.24-1.
- Add metag arch support.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162577 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162577
  [ 2 ] Bug #1162601 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162601
  [ 3 ] Bug #1162611 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162611
  [ 4 ] Bug #1162625 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162625
  [ 5 ] Bug #1162659 - cross-binutils: binutils: directory traversal vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162659
  [ 6 ] Bug #1162672 - cross-binutils: binutils: out of bounds memory write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162672
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update cross-binutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list