CVE-2014-8737
Published: 9 December 2014
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive passed to (1) strip or (2) objcopy, or to create arbitrary files via (3) a .. (dot dot) or full path name in an archive passed to ar.
Notes
Author | Note |
---|---|
sbeattie | second commit fixes up leaving behind temporary files even on error |
Priority
Status
Package | Release | Status |
---|---|---|
binutils | lucid | Released (2.20.1-3ubuntu7.2) |
binutils | precise | Released (2.22-6ubuntu1.2) |
binutils | trusty | Released (2.24-5ubuntu3.1) |
binutils | upstream | Needs triage |
binutils | utopic | Released (2.24.90.20141014-0ubuntu3.1) |

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5e186ece2feebb46e63ff6bb2d2490aad0d5a724