Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1483581 - (CVE-2017-12448) CVE-2017-12448 binutils: heap use after free in bfd_cache_close function
CVE-2017-12448 binutils: heap use after free in bfd_cache_close function
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170719,repor...
: Security
Depends On: 1483603 1483604 1483605
Blocks: 1483587
  Show dependency treegraph
 
Reported: 2017-08-21 08:43 EDT by Adam Mariš
Modified: 2017-09-22 07:23 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-09-22 07:23:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Adam Mariš 2017-08-21 08:43:37 EDT 
The bfd_cache_close function in bfd/cache.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
2.29 and earlier, allows remote attackers to cause a heap use after
free and possibly achieve code execution via a crafted nested archive
file. This issue occurs because incorrect functions are called during
an attempt to release memory. The issue can be addressed by better
input validation in the bfd_generic_archive_p function in
bfd/archive.c.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21787

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
Comment 1 Adam Mariš 2017-08-21 09:12:51 EDT 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1483604]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1483603]
Affects: fedora-all [bug 1483605]
Comment 2 Pedro Yóssis Silva Barbosa 2017-09-22 07:09:50 EDT 
Marked binutils in RHEL 5, 6, 7 and devtools 4, 6 and 7, as not affected.
Red Hat does not ship binutils compiled with the --enable-targets=all configuration. Therefore, Product Security Team was not able to reproduce the issue.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.