[ MDVSA-2015:029-1 ] binutils

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2015:029-1
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : binutils
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in binutils:
 
 Multiple integer overflows in the (1) _objalloc_alloc function in
 objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
 libiberty, as used by binutils 2.22, allow remote attackers to cause
 a denial of service (crash) via vectors related to the addition of
 CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
 overflow (CVE-2012-3509).
 
 The srec_scan function in bfd/srec.c in libdbfd in GNU binutils
 before 2.25 allows remote 

Leave a Reply