diff --git a/binutils-CVE-2025-7546.patch b/binutils-CVE-2025-7546.patch new file mode 100644 index 0000000..9527ad4 --- /dev/null +++ b/binutils-CVE-2025-7546.patch @@ -0,0 +1,38 @@ +From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:52:00 +0800 +Subject: [PATCH] elf: Report corrupted group section + +Report corrupted group section instead of trying to recover. + + PR binutils/33050 + * elf.c (bfd_elf_set_group_contents): Report corrupted group + section. + +Signed-off-by: H.J. Lu +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +--- binutils.orig/bfd/elf.c 2025-12-16 12:33:34.627390340 +0000 ++++ binutils-2.35.2/bfd/elf.c 2025-12-16 12:36:53.274123682 +0000 +@@ -3667,8 +3667,18 @@ bfd_elf_set_group_contents (bfd *abfd, a + break; + } + ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ + loc -= 4; +- BFD_ASSERT (loc == sec->contents); ++ if (loc != sec->contents) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = TRUE; ++ return; ++ } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); + } diff --git a/binutils.spec b/binutils.spec index e8ee60e..3d2d941 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.35.2 -Release: 69%{?dist} +Release: 71%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -538,6 +538,11 @@ Patch106: binutils-execstack-error-tests.patch # Lifetime: Fixed in 2.46 Patch107: binutils-CVE-2025-11083.patch +# Purpose: Stops a potential illegal memory access when copying a corrupt +# input file. PR 33050 +# Lifetime: Fixed in 2.46 +Patch108: binutils-CVE-2025-7546.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1397,6 +1402,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Tue Dec 16 2025 Nick Clifton - 2.35.2-71 +- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-132287) + * Tue Nov 11 2025 Nick Clifton - 2.35.2-69 - Fix a potential illegal memory access when linking a corrupt input file. (RHEL-126883)