Mandriva

MDVSA-2015:029-1: binutils

Leave a comment

Multiple vulnerabilities has been found and corrected in binutils:

Multiple integer overflows in the (1) _objalloc_alloc function in
objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
libiberty, as used by binutils 2.22, allow remote attackers to cause
a denial of service (crash) via vectors related to the addition of
CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils
before 2.25 allows remote attackers to cause a denial of service
(out-of-bounds read) via a small S-record (CVE-2014-8484).

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24
and earlier allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via crafted section group
headers in an ELF file (CVE-2014-8485).

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils
2.24 and earlier allows remote attackers to cause a denial of service
(out-of-bounds write) and possibly have other unspecified impact via a
crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable
(CVE-2014-8501).

Heap-based buffer overflow in the pe_print_edata function in
bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote
attackers to cause a denial of service (crash) and possibly have
other unspecified impact via a truncated export table in a PE file
(CVE-2014-8502).

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted ihex file (CVE-2014-8503).

Stack-based buffer overflow in the srec_scan function in bfd/srec.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted file (CVE-2014-8504).

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and
earlier allow local users to delete arbitrary files via a .. (dot dot)
or full path name in an archive to (1) strip or (2) objcopy or create
arbitrary files via (3) a .. (dot dot) or full path name in an archive
to ar (CVE-2014-8737).

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (invalid write, segmentation fault, and crash) via a crafted
extended name table in an archive (CVE-2014-8738).

The updated packages provides a solution for these security issues.

Update:

Packages for Mandriva Business Server 2 are now being provided.

Leave a Reply