Bug 159895 - CAN-2005-1704 Integer overflow in the Binary File Descriptor (BFD) library
Summary: CAN-2005-1704 Integer overflow in the Binary File Descriptor (BFD) library
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: binutils
Version: 3
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact:
URL:
Whiteboard: impact=low,public=20050525,reported=2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-08 21:22 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-06-29 20:54:55 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Josh Bressers 2005-06-08 21:22:39 UTC
+++ This bug was initially created as a clone of Bug #159894 +++

Integer overflow in the BFD library for binutils allows attackers to
execute arbitrary code via a crafted object file that specifies a large number
of section headers, leading to a heap-based buffer overflow.

Comment 1 Josh Bressers 2005-06-08 21:23:08 UTC
I do not believe this issue has been fixed in FC4 yet.

Comment 2 Jakub Jelinek 2005-06-08 21:34:24 UTC
It has been:
* Wed May 25 2005 Jakub Jelinek <jakub> 2.15.94.0.2.2-2

- bfd and readelf robustification (CAN-2005-1704, #158680)

There is still the crash of objdump -r resp. objdump -dr when an object
contains invalid relocation values I fixed this week, but I don't think
we need a security errata for each such a bug.

Comment 3 Jakub Jelinek 2005-06-29 20:54:55 UTC
Updates for FC3 and FC4 released today.


Note You need to log in before you can comment on or make changes to this bug.