Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 12 Aug 2015 09:43:24 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE Request: libbfd in binutils (was: strings /libbfd crash)

On 2015-07-31 12:21:31, Tyler Hicks wrote:
> On 2014-11-04 05:21:42, Joshua Rogers wrote:
> > I'd like to expand on this:
> > http://openwall.com/lists/oss-security/2014/10/27/4
> > and mention that 'ihex.c' is also vulnerable to the same thing, as they
> > share the same code.
> > 
> > > :10010000214601360121470136007EFE09D2190140
> > > :100110002146017E17C0001FF5F16002148011928
> > > :10012000194E79234623965778239EDA3F01B2CAA7
> > > :100130003F0156702B5E712B722B732146013421C7
> > > :00000001Ff
> > 
> > is an example of code that will crash it.
> 
> This was never fixed upstream. I've opened a bug and attached a patch:
> 
>   https://sourceware.org/bugzilla/show_bug.cgi?id=18750
> 
> I think this deserves CVE assignment since the srec.c issue was assigned
> CVE-2014-8504 and it is very similar in nature.

Ping on this CVE request since it wasn't clear that I was requesting one
in the last email.

A fix has been committed upstream:

  https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b

Thanks!

Tyler

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ