Security vulnerabilities in the avr-binutils software package

——————————————————————————–
Fedora Update Notification
FEDORA-2014-14838
2014-11-13 16:51:44
——————————————————————————–

Name : avr-binutils
Product : Fedora 19
Version : 2.24
Release : 3.fc19
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native x86_64 platform.

——————————————————————————–
Update Information:

– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
——————————————————————————–
ChangeLog:

* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-3
– fix CVE-2014-8738: out of bounds memory write
* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-2
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
* Wed Aug 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-1
– updated to 2.24
* Mon Feb 3 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-4
– avr-binutils may be affected by libiberty CVE (#1059362)
* Tue Aug 13 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-3
– fix tex again
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1:2.23.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 24 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-1
– updated to 2.23.2
* Tue Jun 18 2013 Jaromir Capik <jcapik@redhat.com> – 1:2.23.1-4
– autoreconf -vif doesn’t work -> patching for aarch64 support (#925061)
* Fri Apr 19 2013 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.1-3
– fix aarch64 support (#925061)
——————————————————————————–
References:

[ 1 ] Bug #1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[ 2 ] Bug #1162594 – CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[ 3 ] Bug #1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[ 4 ] Bug #1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[ 5 ] Bug #1162666 – CVE-2014-8738 binutils: out of bounds memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update avr-binutils' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-14963
2014-11-13 17:02:48
——————————————————————————–

Name : avr-binutils
Product : Fedora 20
Version : 2.24
Release : 3.fc20
URL : http://www.gnu.org/software/binutils/
Summary : Cross Compiling GNU binutils targeted at avr
Description :
This is a Cross Compiling version of GNU binutils, which can be used to
assemble and link binaries for the avr platform, instead of for the
native arm platform.

——————————————————————————–
Update Information:

– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
——————————————————————————–
ChangeLog:

* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-3
– fix CVE-2014-8738: out of bounds memory write
* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-2
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
* Wed Aug 13 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.24-1
– updated to 2.24
* Mon Feb 3 2014 Michal Hlavinka <mhlavink@redhat.com> – 1:2.23.2-4
– avr-binutils may be affected by libiberty CVE (#1059362)
——————————————————————————–
References:

[ 1 ] Bug #1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[ 2 ] Bug #1162594 – CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[ 3 ] Bug #1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
[ 4 ] Bug #1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[ 5 ] Bug #1162666 – CVE-2014-8738 binutils: out of bounds memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update avr-binutils' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
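
A post-update check for both notifications above, added here as an example and not part of the Fedora announcements: it reads an RPM changelog and lists which of the advisory's CVEs have no matching entry. The helper name `missing_fixes` is hypothetical, and the sample changelog text is constructed from the ChangeLog sections above.

```shell
#!/bin/sh
# Added example: report which of this advisory's CVEs an RPM changelog
# does not account for. On a Fedora host:
#   rpm -q --changelog avr-binutils | missing_fixes

# CVE ids copied from the advisory's Update Information and References.
ADVISORY_CVES="CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738"

# missing_fixes (hypothetical helper name): reads a changelog on stdin and
# prints, one per line, each advisory CVE it finds no entry for.
missing_fixes() {
    changelog=$(cat)
    for cve in $ADVISORY_CVES; do
        pattern=$cve
        # The changelog records CVE-2014-8737 only as "directory traversal",
        # without the CVE id, so accept the description as well.
        if [ "$cve" = "CVE-2014-8737" ]; then
            pattern="$cve|directory traversal"
        fi
        printf '%s\n' "$changelog" | grep -Eq "$pattern" || printf '%s\n' "$cve"
    done
}

# Constructed sample: the 1:2.24-2 entry from the ChangeLog above, i.e. a
# build made one day before the CVE-2014-8738 fix.
SAMPLE_2_24_2='* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> - 1:2.24-2
- fix directory traversal vulnerability (#1162657)
- fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
- fix CVE-2014-8502: heap overflow in objdump
- fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
- fix CVE-2014-8504: stack overflow in the SREC parser'

# Constructed sample: the same changelog with the 1:2.24-3 entry on top.
SAMPLE_2_24_3="* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> - 1:2.24-3
- fix CVE-2014-8738: out of bounds memory write
$SAMPLE_2_24_2"

printf '%s\n' "$SAMPLE_2_24_2" | missing_fixes   # flags the build that lacks one fix
```

Empty output means every CVE in the advisory is accounted for. `rpm -q avr-binutils` should then report release 2.24-3.fc19 or 2.24-3.fc20, matching the Version and Release fields above.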