Package: binutils
Version: 2.15-5
Severity: grave
Tags: security
Justification: user security hole

An integer overflow in parsing ELF segment headers has been found that
affects several of binutils' binaries, such as nm, strings or objdump and
can potentially be exploited to corrupt the heap and execute arbitrary code.

See http://bugs.gentoo.org/show_bug.cgi?id=91398 for a crafted test binary
(without malicious effects) and pointers to more information. The bug log
contains a patch by SuSE's Sebastian Krahmer, which has been applied upstream.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages binutils depends on:
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an

-- no debconf information
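
Added example, not part of the original report and not the binutils code or Sebastian Krahmer's patch: a generic C sketch of the bug class the report names, where a header-table size computed as count times entry size wraps in 32 bits and an undersized heap buffer results, next to an overflow-safe check. The function names and all values are hypothetical; the report itself does not give the details of the affected code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers (not binutils/BFD code). count and entsize stand for
   the entry count and per-entry size of a header table, both taken from an
   untrusted file. */

/* Size as a 32-bit multiply computes it: the product silently wraps. */
static uint32_t table_bytes_wrapping(uint32_t count, uint32_t entsize)
{
    return count * entsize;
}

/* Overflow-safe version: returns 0 and stores the table size in *out only
   if the whole table lies inside the file; returns -1 otherwise. */
static int table_bytes_checked(uint64_t file_size, uint64_t off,
                               uint32_t count, uint32_t entsize, size_t *out)
{
    if (count == 0 || entsize == 0)
        return -1;
    if (count > SIZE_MAX / entsize)              /* product must fit in size_t */
        return -1;
    uint64_t bytes = (uint64_t)count * entsize;  /* 32x32 bits fits in 64 */
    if (off > file_size || bytes > file_size - off)
        return -1;                               /* table runs past end of file */
    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed values: 4096-byte file, table at offset 52, 32-byte entries. */
    uint32_t bad_count = 0x08000001u;            /* 0x08000001 * 32 == 2^32 + 32 */
    size_t n = 0;

    printf("wrapped size for bad count: %u bytes\n",
           (unsigned)table_bytes_wrapping(bad_count, 32));
    int rc = table_bytes_checked(4096, 52, bad_count, 32, &n);
    printf("checked, bad count: %d\n", rc);
    rc = table_bytes_checked(4096, 52, 3, 32, &n);
    printf("checked, 3 entries: %d (size %zu)\n", rc, n);
    return 0;
}
```

A parser that allocates the wrapped size and then iterates over the full count writes past the allocation; bounding the table against the file size rejects the input before anything is allocated.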