[Secure-testing-team] Integer overflow in applications parsing ELF headers
Joey Hess
joeyh at debian.org
Wed May 11 13:43:02 UTC 2005
Moritz Muehlenhoff wrote:
> It's been discovered that a wide range of applications parsing ELF segment
> headers are vulnerable to an integer overflow when allocating memory for
> segment headers. Applications already known to be affected are:
> binutils
> elfutils
> gdb
> ht (already filed a minute ago)
> prelink
>
> Are there other applications inside Debian embedding BFD or parsing ELF
> binaries with their own code?
Newer versions of rpm than the one in Debian contain a copy of elfutils,
haven't checked it.
Here's everything that build depends on binutils-dev:
acl2
alleyoop
axiom
crash
fenris
gccchecker
gcl
gclcvs
ggcov
insight
kdebindings
kdesdk
kmd
ksymoops
lcrash
ltrace
lush
maxima
memprof
mol
mpatrol
nitpic
nmap
oprofile
oprofile-source
kernel-patch-kdb
"Note that building Debian packages which depend on the shared libbfd is
Not Allowed." *sigh*!
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050511/1549b48f/attachment.pgp
More information about the Secure-testing-team
mailing list