mirror of
https://git.yoctoproject.org/poky
synced 2026-06-01 00:59:48 +00:00
binutils: Fix CVE-2024-53589
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read. Backport a patch from upstream to fix CVE-2024-53589. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] (From OE-Core rev: 04c6b181bf9b1babd647c642ba8598b837f1263b) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yash Shinde
committed by
Steve Sakoman
Steve Sakoman
parent
d0a0b07574
commit
44c8d98587
@@ -35,5 +35,6 @@ SRC_URI = "\
|
||||
file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
|
||||
file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
|
||||
file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
|
||||
file://0015-CVE-2024-53589.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
Reference in New Issue
Block a user