PublicDateAtUSN: 2014-12-09
Candidate: CVE-2014-8737
PublicDate: 2014-12-09 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737
 https://ubuntu.com/security/notices/USN-2496-1
Description:
 Multiple directory traversal vulnerabilities in GNU binutils 2.24 and
 earlier allow local users to delete arbitrary files via a .. (dot dot) or
 full path name in an archive to (1) strip or (2) objcopy or create
 arbitrary files via (3) a .. (dot dot) or full path name in an archive to
 ar.
Ubuntu-Description:
Notes:
 sbeattie> second commit fixes up leaving behind temporary files even on error
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=17552
Priority: medium
Discovered-by: Alexander Cherepanov
Assigned-to:
CVSS: 

Patches_binutils:
 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5e186ece2feebb46e63ff6bb2d2490aad0d5a724
upstream_binutils: needs-triage
lucid_binutils: released (2.20.1-3ubuntu7.2)
precise_binutils: released (2.22-6ubuntu1.2)
trusty_binutils: released (2.24-5ubuntu3.1)
trusty/esm_binutils: released (2.24-5ubuntu3.1)
utopic_binutils: released (2.24.90.20141014-0ubuntu3.1)
devel_binutils: not-affected (2.25-2ubuntu1)