Date: Tue, 11 Nov 2014 14:15:59 +0100
From: Vasyl Kaigorodov <>
Subject: Re: cve request: libbfd?


In addition to the above, I'd like to request a CVE(s) for the below:

Directory traversal vulnerability allowing random file deletion/creation
Upstream tracker:
Upstream patch:;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

Out-of-bounds memory write while processing a crafted "ar" archive
Upstream tracker:
Upstream patch:;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

On Sat, 25 Oct 2014, Michal Zalewski wrote:

> Hey,
> You may want to assign something to:
> This is slightly complicated by the fact that libbfd is just bad in
> general and there likely are dozens of individual bugs, but the
> write-to-arbitrary-pointer issues with ELF section parsing in elf.c
> sort of stand out.
> /mz
