diff --git a/binutils.spec b/binutils.spec
index 3f020250d754c46428f263b7e32d564284e5c88d..e06af62b8be7075484e6bca63c9ba689405d1d01 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -4,7 +4,7 @@ Summary: A GNU collection of binary utilities
 Name: binutils
 Version: 2.41
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 Source0: https://ftp.gnu.org/gnu/binutils/binutils-%{version}.tar.xz
@@ -23,6 +23,7 @@ Patch0011: fixed-CVE-2025-11412.patch
 Patch0012: fixed-CVE-2025-11413.patch
 Patch0013: fixed-CVE-2025-11840.patch
 Patch0014: 0001-Fix-aarch64-one_rosegment-init-value-missing.patch
+Patch0015: fixed-CVE-2025-11839.patch
 Patch3000: binutils-no-config-h-check.patch
 Patch3001: binutils-revert-PLT-elision.patch
@@ -536,6 +537,10 @@ exit 0
 %changelog
+* Fri Mar 13 2026 Zhao Zhen - 2.41-25
+- [TYPE] security
+- [DESC] fixed CVE-2025-11839
+
 * Thu Dec 25 2025 Xionghu Luo - 2.41-24
 - [TYPE] sync
 - [DESC] Fix aarch64 one_rosegment init value missing
diff --git a/fixed-CVE-2025-11839.patch b/fixed-CVE-2025-11839.patch
new file mode 100644
index 0000000000000000000000000000000000000000..64fb012ad149d2ff3c96d8e2144932b2fcb71d07
--- /dev/null
+++ b/fixed-CVE-2025-11839.patch
@@ -0,0 +1,27 @@
+From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Mon, 3 Nov 2025 11:49:02 +0000
+Subject: [PATCH] Remove call to abort in the DGB debug format printing code,
+ thus allowing the display of a fuzzed input file to complete without
+ triggering an abort.
+
+PR 33448
+---
+ binutils/prdbg.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c239aeb1a79..5d405c48e3d 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id,
+ t = "union class ";
+ break;
+ default:
+- abort ();
+ return false;
+ }
+
+--
+2.43.7
+
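Review bot: The `@@ -23,6 +23,7 @@` hunk of binutils.spec declares `Patch0015: fixed-CVE-2025-11839.patch`, but no hunk in this commit touches `%prep`, so nothing visible here shows the patch being applied at build time. If the spec applies patches automatically (`%autosetup` or `%autopatch`) this is fine; if it lists them individually, a matching line such as `%patch -P 15 -p1` is needed. Without it the package would ship as 2.41-25 with a changelog entry claiming the fix while the `abort ();` call is still present in `tg_tag_type`. The `%prep` section is outside the diff, so this should be confirmed against the full spec, for example by checking that the build log shows the patch being applied.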