Advisories » MGASA-2014-0346

Updated sdcc packages fix a security vulnerability

Publication date: 22 Aug 2014
Modification date: 22 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2012-3509

Description

Integer overflow, leading to heap-buffer overflow by processing certain
file headers via bfd binary. (CVE-2012-3509)

A nonfree package is also now available, which provides components that
cannot be included in the core repository.

In addition, this update obsoletes sdcc2.9, which is old and probably has
the same security vulnerability.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13841
• https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136230.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509

SRPMS

4/nonfree

• sdcc-3.4.0-6.mga4.nonfree

4/core

• sdcc-3.4.0-6.mga4

3/core

• sdcc-3.4.0-6.mga3

3/nonfree

• sdcc-3.4.0-6.mga3.nonfree