FEDORA-2014-14995

security update in Fedora 21 for avr-binutils

Status: stable 4 years ago
  • fix directory traversal vulnerability
  • fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
  • fix CVE-2014-8502: heap overflow in objdump
  • fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
  • fix CVE-2014-8504: stack overflow in the SREC parser
  • fix out of bounds memory write

Comments 16

This update has been submitted for testing by mhlavink.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/11937/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/11937/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

mhlavink has edited this update. New build(s): avr-binutils-2.24-4.fc21. Removed build(s): avr-binutils-2.24-3.fc21.

This update has been submitted for testing by mhlavink.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12607/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12607/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

This update has been submitted for stable by mhlavink.

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/14993/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

This update is currently being pushed to the Fedora 21 stable updates repository.

This update has been pushed to stable

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 4 years ago
in testing 4 years ago
in stable 4 years ago
modified 4 years ago

Related Bugs 10

00 #1162570 CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
00 #1162575 CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
00 #1162594 CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
00 #1162599 CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
00 #1162621 CVE-2014-8504 binutils: stack overflow in the SREC parser
00 #1162623 CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]
00 #1162655 CVE-2014-8737 binutils: directory traversal vulnerability
00 #1162657 avr-binutils: binutils: directory traversal vulnerability [fedora-all]
00 #1162666 CVE-2014-8738 binutils: out of bounds memory write
00 #1162670 avr-binutils: binutils: out of bounds memory write [fedora-all]

Automated Test Results