It was reported [1] that objdump will try to overwrite part of memory when processing a crafted "ar" archive file. Upstream patch for this is at [2]. Reproducer is available in https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
[2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162673] Affects: epel-all [bug 1162678]
Created avr-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162670] Affects: epel-all [bug 1162675]
Created arm-none-eabi-binutils-cs tracking bugs for this issue: Affects: fedora-all [bug 1162669]
Created msp430-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162674]
Created cross-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162672] Affects: epel-all [bug 1162676]
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1162671]
Created attachment 957153 [details] Imported for PR 17533
Fixed in: binutils-2.24-29.fc22
I have applied a patch (uploaded to this BZ) to the rawhide binutils. It is derived from the patches created for PR 17533, adapted to work with the rawhide sources. Ideally the patch will soon be redundant, as rawhide should be switching over to the 2.25 binutils release, once that actually happens. 2.25 already contains this patch.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
binutils-2.24-30.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
cross-binutils-2.23.88.0.1-2.el7.1 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
cross-binutils-2.23.51.0.3-1.el6.1 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
I have checked in an updated patch for this issue. The previous version of the patch was missing a delta, which effectively made it useless. The new version is available in: binutils-2.23.52.0.1-55.el7
oops - I should not have changed this BZ, sorry...
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html