Mailinglist Archive: opensuse-bugs (4295 mails)

[Bug 1038878] New: VUL-1: binutils: signed integer overflow
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 12 May 2017 13:31:28 +0000
  • Message-id: <bug-1038878-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1038878


Bug ID: 1038878
Summary: VUL-1: binutils: signed integer overflow
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 724893
--> http://bugzilla.opensuse.org/attachment.cgi?id=724893&action=edit
binutils-signintoverflow_reproducer

Ref: https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
=======================================================================
# readelf -a $FILE
/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:9447:39:
runtime error: signed integer overflow: 7443 - -9223372036854775080 cannot be
represented in type 'long'

Affected version:
master at 2017-04-12 (dunno about other versions)

Fixed version:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00275-binutils-signintoverflow

Commit fix:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
=======================================================================


(open-)SUSE: https://software.opensuse.org/package/binutils

2.28 (TW, official repo)
2.26.1 (42.{1,2}, official repo)
