binutils: Fix CVE-2024-53589 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yash Shinde <Yash.Shinde@windriver.com>	2024-12-12 06:37:15 -0800
committer	Steve Sakoman <steve@sakoman.com>	2024-12-23 05:46:32 -0800
commit	1e47fd8e4427f9d84048139804f75b83471bab28 (patch)
tree	f56a18fe106b8d428174dba2de073bf2d161cd4d /documentation/conf.py
parent	aee2a47dd999c89811647260db4170e821c04733 (diff)
download	poky-1e47fd8e4427f9d84048139804f75b83471bab28.tar.gz

binutils: Fix CVE-2024-53589

A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read. Backport a patch from upstream to fix CVE-2024-53589. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] (From OE-Core rev: 15635eb807ea1cbf0fd04e0cbe9cf169df107a05) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/conf.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: