From ${URL} : Michal Zalewski reported an invalid read flaw in libbfd, used by, for example, the "strings" utility. Running "strings" on a malicious file could cause "strings" to crash: http://seclists.org/oss-sec/2014/q4/424 It is not yet clear whether it is possible to leverage this issue for more than a crash. Dave Rutherford noted on oss-security that using certain web browsers to save a malicious file could trigger this issue and cause the browser to crash: http://seclists.org/oss-sec/2014/q4/426 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
See also: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 That bug affects both 2.23.2 and 2.24-r3.
The fix is already in 2.24.90 and will be in 2.25 final when it's released. I don't see a need to stabilize/backport here though. binutils is known to be not resilient to bad inputs, so anyone using their tools/libs in security-sensitive areas is doing it wrong already.
*** Bug 527616 has been marked as a duplicate of this bug. ***
*** Bug 528984 has been marked as a duplicate of this bug. ***
CVE-2014-8737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8737): Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
CVE-2014-8504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8504): Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
CVE-2014-8503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8503): Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
CVE-2014-8502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8502): Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
CVE-2014-8501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8501): The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
CVE-2014-8485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8485): The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
CVE-2014-8484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8484): The srec_scan function in bfd/srec.c in libbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
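The two archive-side issues in the list above (CVE-2014-8737, member names carrying ".." or an absolute path that make ar write outside the extraction directory, and CVE-2014-8738, a crafted extended name table in bfd/archive.c) both come down to a reader that trusts fields in the ar file. The following is an added example, not code from binutils or from this bug: a minimal GNU ar reader in Python that bounds-checks every member header and long-name-table offset, and refuses to extract members whose names would escape the destination. The archive layout (the "!<arch>\n" magic, 60-byte member headers, the "//" long-name table) is the standard format; the builder, the sample archive and the file names in it are constructed for the demonstration.

```python
"""Minimal GNU ar reader with the name and bounds checks a hardened extractor needs (added example)."""
import io
import os
import tempfile

GLOBAL_MAGIC = b"!<arch>\n"
HDR_LEN = 60          # fixed-size member header
HDR_END = b"`\n"      # header terminator, bytes 58..59


def _member_header(name, data):
    """Build one 60-byte ar member header: name, mtime, uid, gid, mode, size, end marker."""
    fields = (name.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
              + "100644".ljust(8) + str(len(data)).ljust(10))
    return fields.encode("ascii") + HDR_END


def build_archive(members):
    """Build a GNU-style ar archive from (name, bytes); names over 15 chars go to the '//' table."""
    table, encoded = b"", []
    for name, data in members:
        if len(name) <= 15:
            encoded.append((name + "/", data))           # short name, GNU trailing '/'
        else:
            encoded.append(("/%d" % len(table), data))  # '/offset' into the '//' table
            table += name.encode("ascii") + b"/\n"
    if table:
        encoded.insert(0, ("//", table))
    out = io.BytesIO()
    out.write(GLOBAL_MAGIC)
    for name, data in encoded:
        out.write(_member_header(name, data) + data)
        if len(data) % 2:
            out.write(b"\n")                             # members are 2-byte aligned
    return out.getvalue()


def parse_archive(blob):
    """Return [(name, data)], rejecting headers, sizes and name-table offsets that leave the blob."""
    if blob[:8] != GLOBAL_MAGIC:
        raise ValueError("not an ar archive")
    pos, table, members = 8, None, []
    while pos < len(blob):
        hdr = blob[pos:pos + HDR_LEN]
        if len(hdr) < HDR_LEN or hdr[58:60] != HDR_END:
            raise ValueError("truncated or malformed member header at offset %d" % pos)
        raw_name = hdr[0:16].decode("ascii", "replace").rstrip()
        size_field = hdr[48:58].decode("ascii", "replace").strip()
        if not size_field.isdigit():
            raise ValueError("non-numeric size field at offset %d" % pos)
        size = int(size_field)
        if pos + HDR_LEN + size > len(blob):
            raise ValueError("member size runs past end of archive at offset %d" % pos)
        data = blob[pos + HDR_LEN:pos + HDR_LEN + size]
        pos += HDR_LEN + size + (size % 2)
        if raw_name == "//":                 # GNU long-name table
            table = data
            continue
        if raw_name in ("/", "/SYM64/"):     # symbol tables carry no file
            continue
        if raw_name.startswith("/") and raw_name[1:].isdigit():
            off = int(raw_name[1:])          # untrusted offset: check it against the table
            if table is None or off >= len(table):
                raise ValueError("long-name offset %d outside the name table" % off)
            end = table.find(b"/\n", off)
            if end < 0:
                raise ValueError("unterminated long name at table offset %d" % off)
            name = table[off:end].decode("ascii", "replace")
        else:
            name = raw_name[:-1] if raw_name.endswith("/") else raw_name
        members.append((name, data))
    return members


def is_safe_member_name(name):
    """ar members are bare file names: refuse empty names, path separators and '.'/'..'."""
    return bool(name) and "/" not in name and "\\" not in name and name not in (".", "..")


def plan_extraction(blob, dest):
    """Return [(name, target_path_or_None)]; None marks a member that would be refused."""
    plan = []
    for name, _ in parse_archive(blob):
        target = os.path.join(dest, name) if is_safe_member_name(name) else None
        # belt and braces: the resolved path must still sit inside dest
        if target and not os.path.realpath(target).startswith(os.path.realpath(dest) + os.sep):
            target = None
        plan.append((name, target))
    return plan


def safe_extract(blob, dest):
    """Write members with safe names into dest; return the names that were refused."""
    refused = []
    for (name, data), (_, target) in zip(parse_archive(blob), plan_extraction(blob, dest)):
        if target is None:
            refused.append(name)
        else:
            with open(target, "wb") as f:
                f.write(data)
    return refused


# Constructed sample: a benign member, a '..' traversal name, an absolute path, and a
# long name that goes through the '//' table.
SAMPLE = build_archive([
    ("hello.o", b"ELF\x00data"),
    ("../../tmp/owned", b"payload"),
    ("/etc/evil", b"payload"),
    ("a_member_name_longer_than_fifteen.o", b"x"),
])

if __name__ == "__main__":
    dest = tempfile.mkdtemp()
    print("refused:", safe_extract(SAMPLE, dest))
    print("extracted:", sorted(os.listdir(dest)))
```

Running the block extracts only hello.o and the long-named member and reports the two traversal names as refused; feeding it a truncated archive or a "/NNN" name pointing past the long-name table raises ValueError instead of reading out of bounds, which is the behaviour the fixed binutils versions were brought to.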
2.25 is in the tree now, but I don't see it being fast-tracked stable-wise.
(In reply to SpanKY from comment #6)
> 2.25 is in the tree now, but i don't see it being fast tracked stable-wise
Thanks for adding it to the tree. Please call for stabilization when you consider it appropriate. Do you expect any issues when stabilizing/updating? If so, do we have a tracker bug for issues we can make a blocker for this bug?
CVE-2014-8738 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8738): The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
vapier: this has been in the tree for a while now. Can we go on with 2.25 stabilization? I don't see any 2.25 specific bugs right now. If there are blockers can you mark them to block this bug?
Adjusting summary: the Gentoo repository never had v2.24.90, so the first version containing the fix which landed in the repository was =sys-devel/binutils-2.25. =sys-devel/binutils-2.25.1-r1 is the current stable version in the repository. New GLSA created. Added CVE status based on comment #5. @ Maintainer(s): Please clean up <sys-devel/binutils-2.25. If you don't want to remove the previous version, please apply masks indicating a security problem.
This issue was resolved and addressed in GLSA 201612-24 at https://security.gentoo.org/glsa/201612-24 by GLSA coordinator Aaron Bauman (b-man).
@maintainer(s), reopening for cleanup.
Tree is clean.