Wind River Support Network

HomeDefectsLIN8-6412

Fixed

LIN8-6412 : Security Advisory - binutils - CVE-2017-7300

Created: Apr 12, 2017 Updated: Dec 3, 2018

Resolved Date: Jul 28, 2017

Found In Version: 8.0.0.16

Fix Version: 8.0.0.20

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7300

Other Downloads

Wind River Linux 8.0.0.20
Wind River Linux 8.0.0.21
Wind River Linux 8.0.0.22
Wind River Linux 8.0.0.23
Wind River Linux 8.0.0.24
Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2017-7300