Bug 91817 - dev-libs/elfutils: heap overflow
Bug#: 91817
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: All
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: taviso@gentoo.org
Component: Vulnerabilities
Summary: dev-libs/elfutils: heap overflow
Status Whiteboard: B2 [glsa] jaervosz
Opened: 2005-05-07 10:34 0000

See bug 91398 for details and testcase, elfutils is vulnerable to the same heap
overflow.

The same fix used in bfd can be tweaked and applied, looks like the allocation
happens around line 228 of elf_begin.c:

    /* Determine the number of sections. */
    ...
    /* We can now allocate the memory. */
    elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
                        ELF_K_ELF, scncnt * sizeof (Elf_Scn));

Applying the same sanity test to the "scncnt * sizeof (Elf_Scn)" calculation
should fix it.
elfutils-0.94-r2 contains the patch.
Arches, please test and mark stable 0.94-r2 or 0.97-r1, at your choice.
x86 stable. I went with 0.94-r2 too out of sheer conservatism
Created an attachment (id=59110)
elfutils-0.108-robustify.patch
Jakub Jelinek (upstream) provides the following patch to address this and other
problems. I think it obsoletes the previous patch but I'm not sure yet.
added additional 0.108 incremental patch from Jakub which solves remaining
regression failure with elfutils that we found.
This version or a 0.109 is what arches will want to mark stable in general if you
want to use upstream fixes.
Arches please test and mark 0.108 stable.
sorry for the delay.. stable on x86.. we really need more people on x86@
Waiting for binutils to be ready
Removed the old vuln ebuilds for the sake of the GLSA itself.
All arches minus mips are currently marked stable.
GLSA 200506-01
mips please remember to mark stable.
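
Added example (not part of the bug report and not the elfutils or bfd patch): one way to apply a sanity test to the "scncnt * sizeof (Elf_Scn)" calculation named in the opening comment, so that a section count taken from an untrusted ELF header cannot wrap the allocation size. It goes slightly beyond that calculation by also checking the count against the file size. All names here (scn_desc, checked_mul, section_count_ok, alloc_scn_table) are hypothetical stand-ins, and the fixed header_size added to the table is an assumption about how the allocator sizes its buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for libelf's per-section descriptor; the real Elf_Scn differs. */
struct scn_desc { void *data; size_t index; uint64_t flags; };

/* Hypothetical helper: *out = count * elem_size, or -1 if it would wrap. */
static int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical plausibility check: a section header table of scncnt entries
   of shentsize bytes starting at shoff must fit inside the file. */
static int section_count_ok(uint64_t scncnt, uint64_t shoff,
                            uint64_t shentsize, uint64_t file_size)
{
    if (shentsize == 0 || shoff > file_size)
        return 0;
    return scncnt <= (file_size - shoff) / shentsize;
}

/* Allocate a descriptor of header_size bytes plus scncnt section slots.
   Returns NULL instead of a short buffer when the size would wrap. */
static void *alloc_scn_table(size_t header_size, size_t scncnt)
{
    size_t extra;
    if (checked_mul(scncnt, sizeof(struct scn_desc), &extra) != 0)
        return NULL;
    if (extra > SIZE_MAX - header_size)
        return NULL;
    return calloc(1, header_size + extra);
}

int main(void)
{
    /* Constructed inputs: a count chosen so count * sizeof wraps size_t. */
    size_t hostile = SIZE_MAX / sizeof(struct scn_desc) + 1;
    void *p = alloc_scn_table(64, 8);
    int ok = p != NULL && alloc_scn_table(64, hostile) == NULL;
    free(p);
    return ok ? 0 : 1;
}
```

Without the multiplication check, the wrapped product yields a buffer far smaller than the section count implies, and later writes indexed by section number land outside it.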