~ubuntu-security/ubuntu-cve-tracker/master

Viewing changes to active/CVE-2017-14333

Committer: Leonidas S. Barbosa
Date: 2017-09-12 15:36:18 UTC
Revision ID: leo.barbosa@canonical.com-20170912153618-giv94yexe1pf0ms7

Process cves run: triaged 9 CVEs, 64 Ignored, 7 Packages

Packages with new cves:
binutils(1) gdm3(1) graphicsmagick(1) imagemagick(3) nagios3(1)
tcpreplay(1) wordpress-shibboleth(1)

files added:
active/CVE-2017-12164

active/CVE-2017-14266

active/CVE-2017-14312

active/CVE-2017-14313

active/CVE-2017-14314

active/CVE-2017-14324

active/CVE-2017-14325

active/CVE-2017-14326

active/CVE-2017-14333

files modified:
check-cves.log

ignored/not-for-us.txt

Show diffs side-by-side

added added

removed removed

active/CVE-2017-14333

Candidate: CVE-2017-14333

PublicDate: 2017-09-12

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14333

https://sourceware.org/bugzilla/show_bug.cgi?id=21990

Description:

The process_version_sections function in readelf.c in GNU Binutils 2.29

allows attackers to cause a denial of service (Integer Overflow, and hang

because of a time-consuming loop) or possibly have unspecified other impact

via a crafted binary file with invalid values of ent.vn_next, during

"readelf -a" execution.

Ubuntu-Description:

Notes:

leosilva> code in precise and trusty are quite different, needs backport

Bugs:

Priority: medium

Discovered-by:

Assigned-to:

Patches_binutils:

patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de

upstream_binutils: needs-triage

precise/esm_binutils: needed

trusty_binutils: needed

vivid/ubuntu-core_binutils: DNE

xenial_binutils: needed

zesty_binutils: needed

devel_binutils: needed

Older »