Add fix for CVE-2025-5244.

Resolves: RHEL-100417
This commit is contained in:
Nick Clifton 2025-06-30 17:26:38 +01:00
parent bdd2637ad2
commit d8eb7cfbb1
2 changed files with 30 additions and 1 deletions

View File

@ -0,0 +1,22 @@
# commit d1458933830456e54223d9fc61f0d9b3a19256f5
# tree 98864afbaa67a592824cc9f0c846bce8efde33c9 tree
# parent 6fe4e5bd10b996428a557e036c07c5839a8e0a49 commit | diff
# PR32858 ld segfault on fuzzed object
#
# We missed one place where it is necessary to check for empty groups.
#
# PR 32858
# * elflink.c (elf_gc_sweep): Protect against empty group.
--- binutils.orig/bfd/elflink.c 2025-06-30 15:59:11.706908490 +0100
+++ binutils-2.41/bfd/elflink.c 2025-06-30 16:00:32.282299523 +0100
@@ -14115,7 +14115,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link
if (o->flags & SEC_GROUP)
{
asection *first = elf_next_in_group (o);
- o->gc_mark = first->gc_mark;
+ if (first != NULL)
+ o->gc_mark = first->gc_mark;
}
if (o->gc_mark)

View File

@ -2,7 +2,7 @@
Summary: A GNU collection of binary utilities
Name: binutils%{?_with_debug:-debug}
Version: 2.41
Release: 56%{?dist}
Release: 57%{?dist}
License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
URL: https://sourceware.org/binutils
@ -383,6 +383,10 @@ Patch60: binutils-s390-z17-cpu-name.patch
# Lifetime: Fixed in 2.42
Patch61: binutils-riscv-efi.patch
# Purpose: Fix a potential NULL pointer dereference when parsing a corrupt ELF file.
# Lifetime: Fixed in 2.45
Patch62: binutils-CVE-2025-5244.patch
#----------------------------------------------------------------------------
# Purpose: Workaround for an unresolved bug in ppc gcc
@ -1427,6 +1431,9 @@ exit 0
#----------------------------------------------------------------------------
%changelog
* Mon Jun 30 2025 Nick Clifton <nickc@redhat.com> - 2.41-57
- Add fix for CVE-2025-5244. (RHEL-100417)
* Mon Apr 28 2025 Andrea Bolognani <abologna@redhat.com> - 2.41-56
- Add basic support for RISC-V 64-bit EFI objects. (RHEL-88815)