binutils is vulnerable to arbitrary code execution. An integer overflow in objdump, bfd_get_dynamic_reloc_upper_bound and bfd_canonicalize_dynamic_reloc allows a local attacker to execute arbitrary code.
lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
www.securityfocus.com/bid/106304
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2075
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1624776
bugzilla.redhat.com/show_bug.cgi?id=1652587
bugzilla.redhat.com/show_bug.cgi?id=1670014
bugzilla.redhat.com/show_bug.cgi?id=1699745
sourceware.org/bugzilla/show_bug.cgi?id=23994
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
usn.ubuntu.com/4336-1/