[ubuntu/trusty-updates] binutils 2.24-5ubuntu3.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Feb 9 21:28:19 UTC 2015 

binutils (2.24-5ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c
    - debian/patches/binutils-CVE-2014-8484.patch: report an error for
      S-records with less than the miniumum size
    - debian/patches/series: disable srec_scan_null_deref.diff as it is
      an incomplete fix for this issue and did not go upstream
    - CVE-2014-8484
  * SECURITY UPDATE: incorrect memory handling around corrupt group
    section headers
    - debian/patches/binutils-CVE-2014-8485.patch: Improve handling of
      corrupt group sections
    - CVE-2014-8485
  * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
    - debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
      binaries with an invalid value for NumberOfRvaAndSizes.
    - CVE-2014-8501
  * SECURITY UPDATE: pe_print_edata buffer overflow
    - debian/patches/binutils-CVE-2014-8502.patch: Detect out of
      range and truncated rvas or entry counts
    - CVE-2014-8502
  * SECURITY UPDATE: ihex_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
      invocation of ihex_bad_byte.
    - CVE-2014-8503
  * SECURITY UPDATE: srec_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
    - CVE-2014-8504
  * SECURITY UPDATE: directory traversal vulnerabilities
    - debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
      include ../
    - CVE-2014-8737
  * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
    - debian/patches/binutils-CVE-2014-8738.patch: Handle archives
      with corrupt extended name tables.
    - CVE-2014-8738
  * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
    reads and writes
    - debian/patches/binutils-bz17512_prereqs.patch: cherrypicked
      prerequisite commits needed to apply following patch
    - debian/patches/binutils-bz17512-misc.patch: fix invalid memory
      accesses.
  * Security hardening: don't use libbfd by default in strings(1)
    - debian/patches/binutils-harden_strings.patch: Add new command
      line option --data to only scan the initialized, loadable data
      sections of binaries, using libbfd; make --all the default.

Date: 2015-02-09 11:14:11.574333+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/binutils/2.24-5ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list