import gcc-toolset-12-binutils-2.38-17.el8

SOURCES/binutils-CVE-2022-4285.patch

@@ -0,0 +1,13 @@
+--- binutils.orig/bfd/elf.c	2022-12-13 15:21:20.040233487 +0000
++++ binutils-2.39/bfd/elf.c	2022-12-13 15:22:33.580986232 +0000
+@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++       goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 

SPECS/binutils.spec

@@ -42,7 +42,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?scl_prefix}%{?cross}binutils%{?_with_debug:-debug}
 Version: 2.38
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -308,6 +308,10 @@ Patch23: binutils-indirect-symbols.patch
 # Lifetime: Fixed in 2.39
 Patch24: binutils-bfd-DWARF-improvements.patch
 
+# Purpose:  Fix a illegal memory acess parsing corrupt files.
+# Lifetime: Fixed in 2.40
+Patch25: binutils-CVE-2022-4285.patch
+
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -954,6 +958,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Fri Dec 16 2022 Nick Clifton  <nickc@redhat.com> - 2.38-17
+- Fix an illegal memory access parsing a corrupt ELF file.  (#2153220)
+
 * Fri Jul 01 2022 Nick Clifton  <nickc@redhat.comn> - 2.38-16
 - Fix the Provides fields of the binutils-gold and binutils-devel subpackages.  (#2103057)