Description
ELSA-2015-2079: binutils security, bug fix, and enhancement update (MODERATE)
[2.23.52.0.1-55]
- Add missing delta to patch that fixes parsing corrupted archives. (#1162666)
[2.23.52.0.1-54]
- Import patch for PR 18270: Create AArch64 GOT entries for local symbols. (#1238783)
[2.23.52.0.1-51]
- Fix incorrectly generated binaries and DSOs on PPC platforms. (#1247126)
[2.23.52.0.1-50]
- Fix memory corruption parsing corrupt archives. (#1162666)
[2.23.52.0.1-49]
- Fix directory traversal vulnerability. (#1162655)
[2.23.52.0.1-48]
- Fix stack overflow in SREC parser. (#1162621)
[2.23.52.0.1-47]
- Fix stack overflow whilst parsing a corrupt iHex file. (#1162607)
[2.23.52.0.1-46]
- Fix out of bounds memory accesses when parsing corrupt PE binaries. (#1162594, #1162570)
[2.23.52.0.1-45]
- Change strings program to default to -a. Fix problems parsing files containing corrupt ELF group sections. (#1157276)
[2.23.52.0.1-44]
- Avoid reading beyond function boundary when disassembling. (#1060282)
- For binary output, we don't have an ELF bfd output so can't access elf_elfheader. (#1226864)
[2.23.52.0.1-43]
- Don't discard stap probe note sections on aarch64 (#1225091)
[2.23.52.0.1-42]
- Clamp maxpagesize at 1 (rather than 0) to avoid segfaults in the linker when passed a bogus max-page-size argument. (#1203449)
[2.23.52.0.1-41]
- Fixup bfd elf_link_add_object_symbols for ppc64 to prevent subsequent uninitialized accesses elsewhere. (#1172766)
[2.23.52.0.1-40]
- Minor testsuite adjustments for PPC changes in -38/-39. (#1183838)
- Fix md_assemble for PPC to handle arithmetic involving the TOC better. (#1183838)
[2.23.52.0.1-39]
- Fix ppc64: segv in libbfd (#1172766).
[2.23.52.0.1-38]
- Unconditionally apply ppc64le patches (#1183838).
[2.23.52.0.1-37]
- Andreas's backport of z13 and dependent fixes for s390, including testcase fix from Apr 27, 2015. (#1182153)
[2.23.52.0.1-35]
- Fixup testsuite for AArch64 (#1182111)
- Add support for @localentry for LE PPC64 (#1194164)
[2.23.52.0.1-34]
- Do not install windmc(1) man page (#850832)
[2.23.52.0.1-33]
- Don't replace R_390_TLS_LE{32,64} with R_390_TLS_TPOFF for PIE (#872148)
- Enable relro by default for arm and aarch64 (#1203449)
- Backport 3 RELRO improvements for ppc64/ppc64le from upstream (#1175624)
[2.23.52.0.1-31]
- Backport upstream RELRO fixes. (#1200138)
Updated packages
Oracle Linux 7
Oracle Linux x86_64
binutils 2.23.52.0.1-55.el7
binutils-devel 2.23.52.0.1-55.el7
Source links
Related vulnerabilities
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.