fix CVE-2024-25260
Signed-off-by: liweigang <liweiganga@uniontech.com>
parent
81e5f33276
commit
a82d9bdf53
35
CVE-2024-25260.patch
Normal file
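--- /dev/null
+++ b/CVE-2024-25260.patch
@@ -0,0 +1,35 @@
+From 373f5212677235fc3ca6068b887111554790f944 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Mon, 13 Nov 2023 22:38:10 +0100
+Subject: [PATCH] backends: Fix arm_machine_flag_name version string.
+
+arm_machine_flag_name checks the version byte and if not zero returns
+a version string. There are only 5 versions defined. So check the
+version byte is not larger.
+
+* backends/arm_machineflagname.c (arm_machine_flag_name):
+Check version <= 0, otherwise return NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+backends/arm_machineflagname.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/backends/arm_machineflagname.c b/backends/arm_machineflagname.c
+index e93092aee..d700d5f4b 100644
+--- a/backends/arm_machineflagname.c
++++ b/backends/arm_machineflagname.c
+@@ -48,7 +48,7 @@ arm_machine_flag_name (Elf64_Word orig, Elf64_Word *flagref)
+"Version5 EABI",
+};
+*flagref &= ~((Elf64_Word) EF_ARM_EABIMASK);
+- return vername[version - 1];
++ return version <= 5 ? vername[version - 1] : NULL;
+}
+switch (EF_ARM_EABI_VERSION (orig))
+{
+--
+2.39.3
+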
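Review bot: The new guard in `return version <= 5 ? vername[version - 1] : NULL;` repeats the size of the `vername` table as a literal, so the bound and the table have to be kept in step by hand; `version <= sizeof vername / sizeof vername[0]` would tie the check to the array it protects. The version value appears to be taken from the flags word of the ELF file being read (the context masks `EF_ARM_EABIMASK`), so this comparison is the only thing between an untrusted byte and the array index. The embedded changelog line says `Check version <= 0` while the code checks `<= 5`, which is worth correcting wherever that text is maintained. arm_machine_flag_name starts before the hunk and continues after it, so the non-zero check on version and how callers handle the new NULL return cannot be confirmed from here.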
@ -1,7 +1,7 @@
|
|||||||
# -*- rpm-spec from http://elfutils.org/ -*-
|
# -*- rpm-spec from http://elfutils.org/ -*-
|
||||||
Name: elfutils
|
Name: elfutils
|
||||||
Version: 0.190
|
Version: 0.190
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
|
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
|
||||||
URL: http://elfutils.org/
|
URL: http://elfutils.org/
|
||||||
License: GPLv3+ and (GPLv2+ or LGPLv3+)
|
License: GPLv3+ and (GPLv2+ or LGPLv3+)
|
||||||
@ -9,6 +9,7 @@ Source: https://sourceware.orgelfutils/ftp/%{version}/elfutils-%{version}.tar.bz
|
|||||||
|
|
||||||
Patch0: Fix-segfault-in-eu-ar-m.patch
|
Patch0: Fix-segfault-in-eu-ar-m.patch
|
||||||
Patch1: Fix-issue-of-moving-files-by-ar-or-br.patch
|
Patch1: Fix-issue-of-moving-files-by-ar-or-br.patch
|
||||||
|
Patch2: CVE-2024-25260.patch
|
||||||
|
|
||||||
Requires: elfutils-libelf = %{version}-%{release}
|
Requires: elfutils-libelf = %{version}-%{release}
|
||||||
Requires: elfutils-libs = %{version}-%{release}
|
Requires: elfutils-libs = %{version}-%{release}
|
||||||
@ -322,6 +323,12 @@ exit 0
|
|||||||
%systemd_postun_with_restart debuginfod.service
|
%systemd_postun_with_restart debuginfod.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 22 2024 liweigang <venland30@gmail.com> - 0.190-2
|
||||||
|
- Type: CVE
|
||||||
|
- CVE: CVE-2024-25260
|
||||||
|
- SUG: NA
|
||||||
|
- DESC: fix CVE-2024-25260
|
||||||
|
|
||||||
* Thu Jan 25 2024 shixuantong <shixuantong1@huawei.com> - 0.190-1
|
* Thu Jan 25 2024 shixuantong <shixuantong1@huawei.com> - 0.190-1
|
||||||
- Type:bugfix
|
- Type:bugfix
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
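Review bot: `Patch2: CVE-2024-25260.patch` is declared, but none of the three spec hunks touches %prep, so whether the patch is actually applied depends on lines outside this diff. If %prep applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching `%patch2 -p1` line is needed; otherwise the package ships as 0.190-2 with a changelog entry claiming the CVE fix while the built code is unchanged. Separately, the `Source:` URL shown in the second hunk's header context reads `https://sourceware.orgelfutils/...`, which looks like a missing `/` after the host, though that may be a rendering artefact and the line is not changed by this commit.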