From 72e4c3d2503790d2b9928656870d883f41736d26 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 16 2023 06:11:37 +0000 Subject: import gcc-toolset-12-binutils-2.38-17.el8 --- diff --git a/SOURCES/binutils-CVE-2022-4285.patch b/SOURCES/binutils-CVE-2022-4285.patch new file mode 100644 index 0000000..191e6f1 --- /dev/null +++ b/SOURCES/binutils-CVE-2022-4285.patch @@ -0,0 +1,13 @@ +--- binutils.orig/bfd/elf.c 2022-12-13 15:21:20.040233487 +0000 ++++ binutils-2.39/bfd/elf.c 2022-12-13 15:22:33.580986232 +0000 +@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec index 642fe75..3856efb 100644 --- a/SPECS/binutils.spec +++ b/SPECS/binutils.spec @@ -42,7 +42,7 @@ Summary: A GNU collection of binary utilities Name: %{?scl_prefix}%{?cross}binutils%{?_with_debug:-debug} Version: 2.38 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -308,6 +308,10 @@ Patch23: binutils-indirect-symbols.patch # Lifetime: Fixed in 2.39 Patch24: binutils-bfd-DWARF-improvements.patch +# Purpose: Fix a illegal memory acess parsing corrupt files. +# Lifetime: Fixed in 2.40 +Patch25: binutils-CVE-2022-4285.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -954,6 +958,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Dec 16 2022 Nick Clifton - 2.38-17 +- Fix an illegal memory access parsing a corrupt ELF file. (#2153220) + * Fri Jul 01 2022 Nick Clifton - 2.38-16 - Fix the Provides fields of the binutils-gold and binutils-devel subpackages. (#2103057)