Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 632384 (CVE-2017-14930, CVE-2017-14932, CVE-2017-14934)

Summary: <sys-devel/binutils-2.29.1-r1 : infinite loops cause multiple denial of services through crafted ELF file
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceware.org/bugzilla/show_bug.cgi?id=22219
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-09-29 14:39:39 UTC
CVE-2017-14930 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930):

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. 

References:

https://sourceware.org/bugzilla/show_bug.cgi?id=22191

CVE-2017-14932 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932):

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. 

References:

https://sourceware.org/bugzilla/show_bug.cgi?id=22204
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005

CVE-2017-14933 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933):

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. 

References:

https://sourceware.org/bugzilla/show_bug.cgi?id=22210
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32

CVE-2017-14934 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934):

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. 

References:

https://sourceware.org/bugzilla/show_bug.cgi?id=22219
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-10-11 20:56:53 UTC
(In reply to Aleksandr Wagner (Kivak) from comment #0)
> CVE-2017-14930
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930):
> 
> Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor
> (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows
> remote attackers to cause a denial of service (memory consumption) via a
> crafted ELF file. 
> 
> References:
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=22191

Patch added to gentoo/binutils-2.29.1 branch

> 
> CVE-2017-14932
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932):
> 
> decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers
> to cause a denial of service (infinite loop) via a crafted ELF file. 
> 
> References:
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=22204
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> h=e338894dc2e603683bed2172e8e9f25b29051005

Patch added to gentoo/binutils-2.29.1 branch

> 
> CVE-2017-14933
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933):
> 
> read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD)
> library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote
> attackers to cause a denial of service (infinite loop) via a crafted ELF
> file. 
> 
> References:
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=22210
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
>

Doesn't trivially apply to 2.29.1. Deferred.

> 
> CVE-2017-14934
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934):
> 
> process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers
> to cause a denial of service (infinite loop) via a crafted ELF file that
> contains a negative size value in a CU structure. 
> 
> References:
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=22219
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> h=19485196044b2521af979f1e5c4a89bfb90fba0b

Patch added to gentoo/binutils-2.29.1 branch
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2017-10-13 18:40:13 UTC
Splitting CVE-2017-14933 off into separate bug.
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2017-10-13 18:43:42 UTC
> (In reply to Aleksandr Wagner (Kivak) from comment #0)
> > CVE-2017-14930
> > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930):
> > 
> > Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor
> > (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows
> > remote attackers to cause a denial of service (memory consumption) via a
> > crafted ELF file. 
> > 
> > References:
> > 
> > https://sourceware.org/bugzilla/show_bug.cgi?id=22191
> 
> Patch added to gentoo/binutils-2.29.1 branch

Fixed in 2.29.1-r1

> > CVE-2017-14932
> > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932):
> > 
> > decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library
> > (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers
> > to cause a denial of service (infinite loop) via a crafted ELF file. 
> > 
> > References:
> > 
> > https://sourceware.org/bugzilla/show_bug.cgi?id=22204
> > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> > h=e338894dc2e603683bed2172e8e9f25b29051005
> 
> Patch added to gentoo/binutils-2.29.1 branch

Fixed in 2.29.1-r1

> > CVE-2017-14934
> > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934):
> > 
> > process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library
> > (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers
> > to cause a denial of service (infinite loop) via a crafted ELF file that
> > contains a negative size value in a CU structure. 
> > 
> > References:
> > 
> > https://sourceware.org/bugzilla/show_bug.cgi?id=22219
> > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;
> > h=19485196044b2521af979f1e5c4a89bfb90fba0b
> 
> Patch added to gentoo/binutils-2.29.1 branch

Fixed in 2.29.1-r1
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2017-12-27 22:53:49 UTC
All affected versions are masked. No further cleanup (toolchain package). 

Nothing to do for toolchain here anymore. Please proceed.
Comment 5 D'juan McDonald (domhnall) 2018-01-05 06:47:36 UTC
Added to existing GLSA request.


Gentoo Security Padawan
(Jmbailey/mbailey_j)
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:12:08 UTC
This issue was resolved and addressed in
 GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01
by GLSA coordinator Aaron Bauman (b-man).