binutils (2.24.90.20141014-0ubuntu3.1) utopic-security; urgency=medium
* SECURITY UPDATE: incorrect memory handling around corrupt group
section headers
- debian/patches/binutils-CVE-2014-8485.patch: Improve handling of
corrupt group sections
- CVE-2014-8485
* SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
- debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
binaries with an invalid value for NumberOfRvaAndSizes.
- CVE-2014-8501
* SECURITY UPDATE: pe_print_edata buffer overflow
- debian/patches/binutils-CVE-2014-8502.patch: Detect out of
range and truncated rvas or entry counts
- CVE-2014-8502
* SECURITY UPDATE: ihex_scan buffer overflow
- debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
invocation of ihex_bad_byte.
- CVE-2014-8503
* SECURITY UPDATE: srec_scan buffer overflow
- debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
- CVE-2014-8504
* SECURITY UPDATE: directory traversal vulnerabilities
- debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
include ../
- CVE-2014-8737
* SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
- debian/patches/binutils-CVE-2014-8738.patch: Handle archives
with corrupt extended name tables.
- CVE-2014-8738
* SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
reads and writes
- debian/patches/binutils-bz17512-misc.patch: fix invalid memory
accesses.
* Security hardening: don't use libbfd by default in strings(1)
- debian/patches/binutils-harden_strings.patch: Add new command
line option --data to only scan the initialized, loadable data
sections of binaries, using libbfd; make --all the default.
Date: 2015-02-09 11:32:19.928044+00:00
Changed-By: Steve Beattie <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/binutils/2.24.90.20141014-0ubuntu3.1
Sorry, changesfile not available.
--
Utopic-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.canonical.com/mailman/listinfo/utopic-changes
