
Bug 618004 (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613)

Summary: <dev-libs/elfutils-0.169-r1: multiple vulnerabilities
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sudormrfhalt, xmw
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa cve]
Package list: dev-libs/elfutils-0.169-r1
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 614002, 614004

Attachments (Description: Flags):
CVE-2017-7607.patch: none
CVE-2017-7608.patch: none

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-05-16 06:41:32 UTC
CVE-2017-7613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7613):
  elflint.c in elfutils 0.168 does not validate the number of sections and the
  number of segments, which allows remote attackers to cause a denial of
  service (memory consumption) via a crafted ELF file.

CVE-2017-7612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7612):
  The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7611):
  The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7610):
  The check_group function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7609):
  elf_compress.c in elfutils 0.168 does not validate the zlib compression
  factor, which allows remote attackers to cause a denial of service (memory
  consumption) via a crafted ELF file.

CVE-2017-7608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7608):
  The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils
  0.168 allows remote attackers to cause a denial of service (heap-based
  buffer over-read and application crash) via a crafted ELF file.

CVE-2017-7607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7607):
  The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.
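
As an added illustration of the missing validation behind CVE-2017-7613 (not part of the bug report and not the elfutils fix), the C sketch below rejects section and segment counts that the file's size cannot back, including counts stored in section header 0 under extended numbering. The names `elf64_counts_plausible`, `table_fits` and `rd_le` are hypothetical, and the code assumes little-endian ELF64 input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read an n-byte little-endian integer. */
static uint64_t rd_le(const unsigned char *p, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Does a table of num entries of entsize bytes at off fit in size bytes? */
static int table_fits(uint64_t off, uint64_t num, uint64_t entsize, uint64_t size) {
    if (num == 0) return 1;
    if (entsize == 0 || off > size) return 0;
    return num <= (size - off) / entsize;  /* divide, so nothing can overflow */
}

/* 0 if the header's table counts are backed by file data, <0 otherwise.
   Little-endian ELF64 only (assumption made for this example). */
int elf64_counts_plausible(const unsigned char *buf, size_t size) {
    if (size < 64 || memcmp(buf, "\177ELF", 4) != 0) return -1;
    if (buf[4] != 2 || buf[5] != 1) return -2;  /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(buf + 32, 8), shoff = rd_le(buf + 40, 8);
    uint64_t phentsize = rd_le(buf + 54, 2), phnum = rd_le(buf + 56, 2);
    uint64_t shentsize = rd_le(buf + 58, 2), shnum = rd_le(buf + 60, 2);
    /* Extended numbering keeps the real counts in section header 0, where
       they are 64-bit (sh_size) and 32-bit (sh_info) values. */
    if ((shnum == 0 && shoff != 0) || phnum == 0xffff) {
        if (shoff == 0 || shentsize < 64 || !table_fits(shoff, 1, shentsize, size))
            return -3;
        if (shnum == 0) shnum = rd_le(buf + shoff + 32, 8);
        if (phnum == 0xffff) phnum = rd_le(buf + shoff + 44, 4);
    }
    if (!table_fits(phoff, phnum, phentsize, size)) return -4;
    if (!table_fits(shoff, shnum, shentsize, size)) return -5;
    return 0;
}

int main(void) {
    /* Constructed sample: ELF header plus room for two 64-byte section headers. */
    unsigned char f[192] = {0};
    memcpy(f, "\177ELF", 4); f[4] = 2; f[5] = 1;
    f[40] = 64; f[58] = 64; f[60] = 2;      /* e_shoff, e_shentsize, e_shnum */
    printf("honest header: %d\n", elf64_counts_plausible(f, sizeof f));
    f[60] = 0; f[99] = 0x10;                /* extended count of 2^28 sections */
    printf("inflated count: %d\n", elf64_counts_plausible(f, sizeof f));
    return 0;
}
```
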
Comment 2 Manuel Rüger (RETIRED) gentoo-dev 2017-05-24 13:17:34 UTC
Added elfutils-0.169, arch teams please test and stabilize it.

Keywords for dev-libs/elfutils:
         |                                 |   u   |  
         | a a         p s   a     n r     |   n   |  
         | l m   h i   p p   r m m i i s   | e u s | r
         | p d a p a p c a x m i 6 o s 3   | a s l | e
         | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p
         | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o
---------+---------------------------------+-------+-------
[I]0.166 | + + + + + + + + + + ~ + o o + + | 5 o 0 | gentoo
   0.167 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 5 #   | gentoo
   0.168 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 5 #   | gentoo
   0.169 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 6 o   | gentoo
Comment 3 Michael Weber (RETIRED) gentoo-dev 2017-05-25 23:06:17 UTC
Package list?!
Comment 4 Manuel Rüger (RETIRED) gentoo-dev 2017-05-28 21:16:15 UTC
Please stabilize 0.169-r1 (it was revbumped straight to stable for https://bugs.gentoo.org/show_bug.cgi?id=619658 )
Comment 5 Markus Meier gentoo-dev 2017-06-01 04:33:42 UTC
arm stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-18 21:09:26 UTC
ia64 stable

Single test fails (ia64-specific), but it's not a regression. Tracked in bug #501630
Comment 7 Andrey Ovcharov 2017-06-24 00:16:44 UTC
Created attachment 477754 [details, diff]
CVE-2017-7607.patch
Comment 8 Andrey Ovcharov 2017-06-24 00:17:10 UTC
Created attachment 477756 [details, diff]
CVE-2017-7608.patch
Comment 9 Agostino Sarubbo gentoo-dev 2017-07-13 09:31:54 UTC
test failures do not block security issues
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-15 09:59:26 UTC
Stable on alpha.
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-15 10:05:54 UTC
(In reply to Tobias Klausmann from comment #10)
> Stable on alpha.

Bullshit. Amd64 stable.
Comment 12 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-16 11:11:39 UTC
Stable on alpha.
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 21:03:32 UTC
x86 stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2017-09-10 22:10:31 UTC
sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-15 20:39:54 UTC
stable for hppa (thanks to Rolf Eike Beer)
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-25 21:52:03 UTC
ppc stable
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-26 08:59:12 UTC
ppc64 stable
Comment 18 Andreas K. Hüttel archtester gentoo-dev 2017-10-03 20:06:55 UTC
All stable arches done.
Comment 19 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-03 20:20:12 UTC
(In reply to Andreas K. Hüttel from comment #18)
> All stable arches done.

Awesome, thank you all.

@Security please vote

Gentoo Security Padawan 
Christopher Díaz Riveros
Comment 20 Andreas K. Hüttel archtester gentoo-dev 2017-10-04 10:50:03 UTC
Cleanup done. Toolchain out.
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2017-10-13 22:33:25 UTC
This issue was resolved and addressed in
 GLSA 201710-10 at https://security.gentoo.org/glsa/201710-10
by GLSA coordinator Aaron Bauman (b-man).
Comment 22 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-13 20:11:46 UTC
sparc stable (thanks to Rolf Eike Beer)