Bug 1059361
| Summary: | CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary [fedora-all] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Toshio Ernie Kuratomi <a.badger> |
| Component: | sdcc | Assignee: | Jaromír Cápík <jcapik> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | alain.portal, hdegoede, ignatenko, ovasik, rrankin |
| Target Milestone: | --- | Keywords: | SecurityTracking |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | fst_owner=ignatenkobrain | ||
| Fixed In Version: | sdcc-3.2.0-1.el6 | Doc Type: | Release Note |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-08-13 00:39:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 849693 | ||
|
Description
Toshio Ernie Kuratomi
2014-01-29 17:42:38 UTC
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. AFFECTED!
sdar.debug
00000000004333f0 T _objalloc_alloc
sdnm.debug
0000000000430e70 T _objalloc_alloc
sdobjcopy.debug
000000000044f110 T _objalloc_alloc
sdranlib.debug
00000000004333f0 T _objalloc_alloc
[brain@X1Carbon sdcc-3.3.0]$ cat ./support/sdbinutils/libiberty/objalloc.c | grep _objalloc_alloc -A2
_objalloc_alloc (struct objalloc *o, unsigned long len)
{
/* We avoid confusion from zero sized objects by always allocating
You want to apply patches below to:
./support/sdbinutils/libiberty/objalloc.c
./support/sdbinutils/include/objalloc.h
Patches:
https://gcc.gnu.org/viewcvs/gcc/trunk/include/objalloc.h?r1=191413&r2=191412&pathrev=191413
https://gcc.gnu.org/viewcvs/gcc/trunk/libiberty/objalloc.c?r1=191413&r2=191412&pathrev=191413
Please use the following update submission link to create the Bodhi
request for this issue as it contains the top-level parent bug(s) as well
as this tracking bug. This will ensure that all associated bugs get
updated when new packages are pushed to stable.
Please also ensure that the "Close bugs when update is stable" option
remains checked.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1059361
Also 3.4.0 already available in upstream, but it will not fix this issue. Submitted upstream bugreport[0]. [0]https://sourceforge.net/p/sdcc/bugs/2284/ sdcc-3.3.0-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/sdcc-3.3.0-1.fc20 sdcc-3.3.0-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sdcc-3.3.0-1.fc19 sdcc-3.2.0-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/sdcc-3.2.0-1.el6 Package sdcc-3.2.0-1.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing sdcc-3.2.0-1.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1923/sdcc-3.2.0-1.el6 then log in and leave karma (feedback). sdcc-3.3.0-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. sdcc-3.3.0-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. sdcc-3.2.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |