diff --git a/backport-CVE-2025-3198.patch b/backport-CVE-2025-3198.patch new file mode 100644 index 0000000000000000000000000000000000000000..1125eb984a98e2576d647e5f93938c30ac64e847 --- /dev/null +++ b/backport-CVE-2025-3198.patch @@ -0,0 +1,26 @@ +From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 07:58:54 +1030 +Subject: [PATCH] PR32716, objdump -i memory leak + + PR binutils/32716 + * bucomm.c (display_info): Free arg.info. +--- + binutils/bucomm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index ccf54099154..d4554737db1 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -435,6 +435,7 @@ display_info (void) + if (!arg.error) + display_target_tables (&arg); + ++ free (arg.info); + return arg.error; + } + +-- +2.43.5 + diff --git a/binutils.spec b/binutils.spec index c35996bb049c13c2125dd18e9f2e42f400236de1..713723c7b0705e627401aba137d47da0c38b4dc0 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.41 -Release: 14 +Release: 15 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils @@ -366,6 +366,10 @@ Patch5010: nm-Avoid-potential-segmentation-fault-when-displaying.patch # Lifetime: Fixed in 2.44 Patch5011: backport-CVE-2025-0840.patch +# Purpose: PR32716, objdump -i memory leak +# Lifetime: fixed in master +Patch5012: backport-CVE-2025-3198.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1380,6 +1384,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Thu May 22 2025 Linux_zhang - 2.41-15 +- Fix CVE-2025-3198: Memory leak issue in objdump + * Thu Jan 30 2025 Funda Wang - 2.41-14 - Fix CVE-2024-57360: nm: Avoid potential segmentation fault when displaying symbols without version info.