Out-of-bounds read flaws were found in Binutils in the parse_module function in bfd/vms-alpha.c.
Upstream fix: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
I don't think we build this in RHEL/Fedora binutils configurations. Nick, can you confirm?
(In reply to Siddhesh Poyarekar from comment #1)
> I don't think we build this in RHEL/Fedora binutils configurations. Nick,
> can you confirm?

Almost. We do not build it for Fedora (rawhide/f37/f36) or RHEL-9. But we do build it for RHEL-8, RHEL-7 and RHEL-6. This is because, for those targets, there is a problem with the configure script for the gold linker when the s390x architecture is targeted. In order to work around this problem, I configure the s390x binutils with the --enable-targets=all option, which then includes support for vms-alpha.

There is a solution for this workaround which removes the need to build for all targets, and it could be backported to RHEL 8/7/6, but at the time I felt that since the workaround solves the problem, creating an update was just creating extra work.
This does not affect gdb in RHEL or Fedora; gdb does not have or build the affected code.