oss-sec mailing list archives
Re: cve request: libbfd?
From: Vasyl Kaigorodov <vkaigoro () redhat com>
Date: Tue, 11 Nov 2014 14:15:59 +0100
Hello, In addition to the above, I'd like to request a CVE(s) for the below issues: Directory traversal vulnerability allowing random files deleteion/creation Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 Out-of-bounds memory write while processing a crafted "ar" archive Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 On Sat, 25 Oct 2014, Michal Zalewski wrote:
Hey, You may want to assign something to: http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html http://sourceware.org/bugzilla/show_bug.cgi?id=17510 This is slightly complicated by the fact that libbfd is just bad in general and there likely are dozens of individual bugs, but the write-to-arbitrary-pointer issues with ELF section parsing in elf.c sort of stand out. /mz
Attachment:
_bin
Description:
Current thread:
- cve request: libbfd? Michal Zalewski (Oct 25)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 11)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 21)
- Re: cve request: libbfd? Alexander Cherepanov (Nov 21)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 21)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 11)