Stack overflow issue was reported [1] in SREC parser in binutils. Upstream patch that fixes this issue is at [2]. Reproducer for this is available at http://lcamtuf.coredump.cx/strings-stack-overflow - just run "strings" utility on that crafted file.
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
[2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162626] Affects: epel-all [bug 1162630]
Created avr-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162623] Affects: epel-all [bug 1162628]
Created arm-none-eabi-binutils-cs tracking bugs for this issue: Affects: fedora-all [bug 1162622]
Created msp430-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162627]
Created cross-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162625] Affects: epel-all [bug 1162629]
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1162624]
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Reproducer for this is available at http://lcamtuf.coredump.cx/strings-stack-overflow - just run "strings" utility on that crafted file.
Created attachment 1043598 [details] Patch imported from PR 17510
Created attachment 1043599 [details] Corrupt SREC file
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html