FEDORA-2014-14995 — security update for avr-binutils

stable

avr-binutils-2.24-4.fc21

FEDORA-2014-14995 created by mhlavink 10 years ago for Fedora 21

fix directory traversal vulnerability
fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
fix CVE-2014-8502: heap overflow in objdump
fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
fix CVE-2014-8504: stack overflow in the SREC parser
fix out of bounds memory write

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2014-14995

This update has been submitted for testing by mhlavink.

10 years ago

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/11937/steps/runtask/logs/stdio (results are informative only)

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/11937/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

mhlavink has edited this update. New build(s): avr-binutils-2.24-4.fc21. Removed build(s): avr-binutils-2.24-3.fc21.

10 years ago

This update has been submitted for testing by mhlavink.

10 years ago

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12607/steps/runtask/logs/stdio (results are informative only)

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12607/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has been submitted for stable by mhlavink.

10 years ago

taskotron commented 10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/14993/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

10 years ago

in testing

10 years ago

in stable

10 years ago

modified

10 years ago

Builds

avr-binutils-2.24-4.fc21

BZ#1162570 CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable

BZ#1162575 CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]

BZ#1162594 CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)

BZ#1162599 CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]

BZ#1162621 CVE-2014-8504 binutils: stack overflow in the SREC parser

BZ#1162623 CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]

BZ#1162655 CVE-2014-8737 binutils: directory traversal vulnerability

BZ#1162657 avr-binutils: binutils: directory traversal vulnerability [fedora-all]

BZ#1162666 CVE-2014-8738 binutils: out of bounds memory write

BZ#1162670 avr-binutils: binutils: out of bounds memory write [fedora-all]

avr-binutils-2.24-4.fc21

Automated Test Results

None