binutils 2.24-5ubuntu3.1 source package in Ubuntu

Changelog

binutils (2.24-5ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in srec_scan of bfd/srec.c
    - debian/patches/binutils-CVE-2014-8484.patch: report an error for
      S-records with less than the minimum size
    - debian/patches/series: disable srec_scan_null_deref.diff as it is
      an incomplete fix for this issue and did not go upstream
    - CVE-2014-8484
  * SECURITY UPDATE: incorrect memory handling around corrupt group
    section headers
    - debian/patches/binutils-CVE-2014-8485.patch: Improve handling of
      corrupt group sections
    - CVE-2014-8485
  * SECURITY UPDATE: out-of-bounds write in _bfd_XXi_swap_aouthdr_in
    - debian/patches/binutils-CVE-2014-8501.patch: Handle corrupt
      binaries with an invalid value for NumberOfRvaAndSizes.
    - CVE-2014-8501
  * SECURITY UPDATE: pe_print_edata buffer overflow
    - debian/patches/binutils-CVE-2014-8502.patch: Detect out of
      range and truncated rvas or entry counts
    - CVE-2014-8502
  * SECURITY UPDATE: ihex_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8503.patch: Fix typo in
      invocation of ihex_bad_byte.
    - CVE-2014-8503
  * SECURITY UPDATE: srec_scan buffer overflow
    - debian/patches/binutils-CVE-2014-8504.patch: Increase size of buf
    - CVE-2014-8504
  * SECURITY UPDATE: directory traversal vulnerabilities
    - debian/patches/binutils-CVE-2014-8737.patch: disallow paths that
      include ../
    - CVE-2014-8737
  * SECURITY UPDATE: _bfd_slurp_extended_name_table out-of-bounds write
    - debian/patches/binutils-CVE-2014-8738.patch: Handle archives
      with corrupt extended name tables.
    - CVE-2014-8738
  * SECURITY UPDATE: multiple miscellaneous overflows and out-of-bounds
    reads and writes
    - debian/patches/binutils-bz17512_prereqs.patch: cherrypicked
      prerequisite commits needed to apply following patch
    - debian/patches/binutils-bz17512-misc.patch: fix invalid memory
      accesses.
  * Security hardening: don't use libbfd by default in strings(1)
    - debian/patches/binutils-harden_strings.patch: Add new command
      line option --data to only scan the initialized, loadable data
      sections of binaries, using libbfd; make --all the default.
 -- Steve Beattie <email address hidden>   Mon, 09 Feb 2015 02:09:07 -0800

Upload details

Uploaded by: Steve Beattie
Uploaded to: Trusty
Original maintainer: Ubuntu Developers
Architectures: any all
Section: devel
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
binutils_2.24.orig.tar.gz 29.4 MiB 4930b2886309112c00a279483eaef2f0f8e1b1b62010e0239c16b22af7c346d4
binutils_2.24-5ubuntu3.1.diff.gz 224.3 KiB bcbbedaa3db27ef0197141519a4ec8f35fd7dbd3c744fecd7726a99ebfae8fe8
binutils_2.24-5ubuntu3.1.dsc 2.3 KiB 9f58c83bf2c455af4a82798d29a124dca10c76efcff3884838d7c81a36663c96

Binary packages built by this source

binutils: GNU assembler, linker and binary utilities

 The programs in this package are used to assemble, link and manipulate
 binary and object files. They may be used in conjunction with a compiler
 and various libraries to build programs.

binutils-dev: GNU binary utilities (BFD development files)

 This package includes header files and static libraries necessary to build
 programs which use the GNU BFD library, which is part of binutils. Note
 that building Debian packages which depend on the shared libbfd is Not
 Allowed.

binutils-doc: Documentation for the GNU assembler, linker and binary utilities

 This package consists of the documentation for the GNU assembler,
 linker and binary utilities in info format.

binutils-multiarch: Binary utilities that support multi-arch targets

 The programs in this package are used to manipulate binary and object
 files that may have been created on other architectures. This package
 is primarily for multi-architecture developers and cross-compilers and
 is not needed by normal users or developers. Note that a cross-assembling
 version of gas is not included in this package, just the binary utilities.
 .
 NORMAL USERS SHOULD NOT INSTALL THIS PACKAGE. It's meant only for those
 requiring support for reading info from binaries from other architectures.

binutils-multiarch-dev: GNU binary utilities that support multi-arch targets (BFD development files)

 This package includes header files, static and shared libraries necessary
 to build programs which use the GNU BFD library for multi-arch targets,
 which is part of binutils. Note that building Debian packages which depend
 on the shared libbfd is Not Allowed.
 .
 NORMAL USERS SHOULD NOT INSTALL THIS PACKAGE. It's meant only for those
 requiring support for reading info from binaries from other architectures.

binutils-source: GNU assembler, linker and binary utilities (source)

 This package contains the sources and patches which are needed to
 build binutils.

binutils-static: statically linked binutils tools

 This package contains statically linked binutils tools used
 for linking kernel modules needed to mount /usr or /. At the moment,
 it only contains ld.

binutils-static-udeb: statically linked binutils tools for the Debian installer

 This package contains statically linked binutils tools used
 for linking kernel modules needed to mount /usr or /. At the moment,
 it only contains ld.