Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Sep 2017 13:20:15 +0300
From: Efraim Flashner <efraim@...shner.co.il>
To: oss-security@...ts.openwall.com
Subject: Re: binutils: heap-based buffer overflow in
 _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)

On Tue, Sep 26, 2017 at 07:03:41AM +0000, Agostino Sarubbo wrote:
> 
> Affected version:
> 2.29.51.20170921 and maybe past releases
> 

As best as I can see, it looks like the bug was introduced after the
2.28 series was frozen/split-off, and there is no part of the patch that
applies to the 2.28.1 release.

I have not, however, tried the reproducer.

-- 
Efraim Flashner   <efraim@...shner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ