Red Hat Bugzilla – Bug 159895
CAN-2005-1704 Integer overflow in the Binary File Descriptor (BFD) library
Last modified: 2007-11-30 17:11:07 EST
+++ This bug was initially created as a clone of Bug #159894 +++
Integer overflow in the BFD library for binutils allows attackers to
execute arbitrary code via a crafted object file that specifies a large number
of section headers, leading to a heap-based buffer overflow.
I do not believe this issue has been fixed in FC4 yet.
It has been:
* Wed May 25 2005 Jakub Jelinek <email@example.com> 220.127.116.11.2.2-2
- bfd and readelf robustification (CAN-2005-1704, #158680)
There is still the crash of objdump -r resp. objdump -dr when an object
contains invalid relocation values I fixed this week, but I don't think
we need a security errata for each such a bug.
Updates for FC3 and FC4 released today.