Mailinglist Archive: opensuse-bugs (4292 mails)

[Bug 1037066] New: VUL-0: CVE-2017-8396: binutils: libbfd: heap buffer overflow in objdump
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 01 May 2017 22:21:08 +0000
  • Message-id: <bug-1037066-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1037066


Bug ID: 1037066
Summary: VUL-0: CVE-2017-8396: binutils: libbfd: heap buffer overflow in objdump
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 723331
--> http://bugzilla.opensuse.org/attachment.cgi?id=723331&action=edit
21432_upstream_crash_info

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8396
====================================================
Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing
reloc offset range tests didn't catch small negative offsets less than the size
of the reloc field. This vulnerability causes programs that conduct an analysis
of binary programs using the libbfd library, such as objdump, to crash.
====================================================

Hyperlink

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21432

[2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
(see https://sourceware.org/bugzilla/show_bug.cgi?id=21432#c2)


(open-)SUSE: https://software.opensuse.org/package/binutils

2.28 (TW, official repo)
2.26.1 (42.{1,2}, official repo)

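The class of range-check failure named in the CVE description above, as an added illustration; it is not part of the original report and is not libbfd's code. The function names, the 16-byte section and the 4-byte field are constructed, and the sketch assumes the offset is held in an unsigned type, so a small negative offset appears as a value just below SIZE_MAX.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a 16-byte "section" holding the bytes 0x00..0x0f. */
static const uint8_t SAMPLE[16] = {0, 1, 2, 3, 4, 5, 6, 7,
                                   8, 9, 10, 11, 12, 13, 14, 15};

/* Weak test (hypothetical): only checks where the field ends. For an offset
   such as (size_t)-1 the addition wraps to a small value and the test passes. */
static int range_ok_weak(size_t off, size_t field, size_t sec_size)
{
    return off + field <= sec_size;
}

/* Strict test (hypothetical): check the start, then compare the field size
   with the bytes remaining after it, so no addition can wrap. */
static int range_ok_strict(size_t off, size_t field, size_t sec_size)
{
    return off <= sec_size && field <= sec_size - off;
}

/* Read a little-endian field of up to 4 bytes; -1 if the range is rejected. */
static int64_t read_field(const uint8_t *sec, size_t sec_size,
                          size_t off, size_t field)
{
    int64_t v = 0;
    if (field > 4 || !range_ok_strict(off, field, sec_size))
        return -1;
    for (size_t i = field; i > 0; i--)
        v = (v << 8) | sec[off + i - 1];
    return v;
}

int main(void)
{
    /* Constructed offsets: valid, one past the last valid start, negative. */
    size_t offs[] = {0, 12, 13, (size_t)-1, (size_t)-4, (size_t)-5};
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("off=%zu weak=%d strict=%d read=%lld\n", offs[i],
               range_ok_weak(offs[i], 4, sizeof SAMPLE),
               range_ok_strict(offs[i], 4, sizeof SAMPLE),
               (long long)read_field(SAMPLE, sizeof SAMPLE, offs[i], 4));
    return 0;
}
```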