A heap overflow was reborted [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 [4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec47d7211cf462a7c211a8c95cf42
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162602] Affects: epel-all [bug 1162606]
Created avr-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162599] Affects: epel-all [bug 1162604]
Created arm-none-eabi-binutils-cs tracking bugs for this issue: Affects: fedora-all [bug 1162598]
Created msp430-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162603]
Created cross-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162601] Affects: epel-all [bug 1162605]
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1162600]
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 1043575 [details] Amalgamted patch to fix all of the bugs referenced by PR 1712#c17
Created attachment 1043578 [details] Corrupt binary that (used to) crash objdump -x
Created attachment 1043579 [details] Second corrupt binary that (used to ) crash objdump -x
Created attachment 1043580 [details] Corrupt ELF binary that (used to) crash objdump -x
I have uploaded a patch to fix this BZ, plus the three corrupt binary files (extracted from PR 17512) that used to trigger the bugs. I am not sure what I should do next. Can someone please advise ? Cheers Nick
Nick, I'll walk you through the various process/procedural stuff Monday. Well, I'll probably send you a howto over the weekend, which you can try Monday morning and if there's questions, we can cover them in IRC Monday.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html