
Fedora alert FEDORA-2014-14833 (arm-none-eabi-binutils-cs)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 20 Update: arm-none-eabi-binutils-cs-2014.05.28-3.fc20
Date:  Sat, 06 Dec 2014 02:37:17 +0000
Message-ID:  <20141206023734.8945860D05F6@bastion01.phx2.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-14833
2014-11-13 16:51:31
--------------------------------------------------------------------------------

Name        : arm-none-eabi-binutils-cs
Product     : Fedora 20
Version     : 2014.05.28
Release     : 3.fc20
URL         : http://www.codesourcery.com/sgpp/lite/arm
Summary     : GNU Binutils for cross-compilation for arm-none-eabi target
Description :
This is a cross-compilation version of GNU Binutils, which can be used to
assemble and link binaries for the arm-none-eabi platform.

This Binutils package is based on the CodeSourcery 2014.05-28 release,
which includes improved ARM target support compared to the corresponding
FSF release. CodeSourcery contributes their changes to the FSF, but it
takes a while for them to get merged. For the ARM target, effectively
CodeSourcery is upstream of FSF.

--------------------------------------------------------------------------------
Update Information:

- fix directory traversal vulnerability (#1162657)
- fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
- fix CVE-2014-8502: heap overflow in objdump
- fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
- fix CVE-2014-8504: stack overflow in the SREC parser
- fix out of bounds memory write
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 13 2014 Michal Hlavinka <mhlavink@redhat.com> - 2014.05.28-3
- fix CVE-2014-8738: out of bounds memory write
* Wed Nov 12 2014 Michal Hlavinka <mhlavink@redhat.com> - 2014.05.28-2
- fix directory traversal vulnerability (#1162657)
- fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
- fix CVE-2014-8502: heap overflow in objdump
- fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
- fix CVE-2014-8504: stack overflow in the SREC parser
* Mon Jan 13 2014 Michal Hlavinka <mhlavink@redhat.com> - 2013.11.24-1
- updated to 2013.11-24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162655 - CVE-2014-8737 binutils: directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1162655
  [ 2 ] Bug #1162594 - CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
        https://bugzilla.redhat.com/show_bug.cgi?id=1162594
  [ 3 ] Bug #1162621 - CVE-2014-8504 binutils: stack overflow in the SREC parser
        https://bugzilla.redhat.com/show_bug.cgi?id=1162621
  [ 4 ] Bug #1162570 - CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
        https://bugzilla.redhat.com/show_bug.cgi?id=1162570
  [ 5 ] Bug #1162666 - CVE-2014-8738 binutils: out of bounds memory write
        https://bugzilla.redhat.com/show_bug.cgi?id=1162666
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update arm-none-eabi-binutils-cs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...



