Date: Tue, 11 Nov 2014 14:15:59 +0100
From: Vasyl Kaigorodov <vkaigoro@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: cve request: libbfd?

Hello,

In addition to the above, I'd like to request a CVE(s) for the below
issues:

Directory traversal vulnerability allowing random files deletion/creation
Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
Upstream patch:   https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

Out-of-bounds memory write while processing a crafted "ar" archive
Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
Upstream patch:   https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

Thanks.
-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

On Sat, 25 Oct 2014, Michal Zalewski wrote:

> Hey,
> 
> You may want to assign something to:
> 
> http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
> http://sourceware.org/bugzilla/show_bug.cgi?id=17510
> 
> This is slightly complicated by the fact that libbfd is just bad in
> general and there likely are dozens of individual bugs, but the
> write-to-arbitrary-pointer issues with ELF section parsing in elf.c
> sort of stand out.
> 
> /mz
