PublicDateAtUSN: 2014-12-09
Candidate: CVE-2014-8484
PublicDate: 2014-12-09 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484
 http://openwall.com/lists/oss-security/2014/10/23/4
 http://openwall.com/lists/oss-security/2014/10/23/5
 http://www.openwall.com/lists/oss-security/2014/10/26
 http://openwall.com/lists/oss-security/2014/10/26/2
 https://ubuntu.com/security/notices/USN-2496-1
Description:
 The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25
 allows remote attackers to cause a denial of service (out-of-bounds read)
 via a small S-record.
Ubuntu-Description:
Notes:
 sbeattie> last chunk of commit is to revert immediately prior commit,
 sbeattie> dropping that chunk from our patch
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=17509
Priority: medium
Discovered-by: Michal Zalewski
Assigned-to: sbeattie
CVSS: 

Patches_binutils:
 upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
upstream_binutils: released (2.25)
lucid_binutils: released (2.20.1-3ubuntu7.2)
precise_binutils: released (2.22-6ubuntu1.2)
trusty_binutils: released (2.24-5ubuntu3.1)
trusty/esm_binutils: released (2.24-5ubuntu3.1)
utopic_binutils: not-affected (2.24.90.20141014-0ubuntu3)
devel_binutils: not-affected (2.24.90.20141111-2ubuntu1)