Summary: | <sys-devel/binutils-2.29.1-r1: Multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A3 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-10-23 19:43:00 UTC
@Maintainers could you please confirm if those CVEs are solved in 2.29? Thank you

(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2017-9756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9756):
> The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU
> Binutils 2.28 allows remote attackers to cause a denial of service (buffer
> overflow and application crash) or possibly have unspecified other impact
> via a crafted binary file, as demonstrated by mishandling of this file
> during "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9755):
> opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of
> registers for bnd mode, which allows remote attackers to cause a denial of
> service (buffer overflow and application crash) or possibly have unspecified
> other impact via a crafted binary file, as demonstrated by mishandling of
> this file during "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9751):
> opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro,
> which allows remote attackers to cause a denial of service (buffer overflow
> and application crash) or possibly have unspecified other impact via a
> crafted binary file, as demonstrated by mishandling of this file during
> "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9750 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9750):
> opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain
> scale arrays, which allows remote attackers to cause a denial of service
> (buffer overflow and application crash) or possibly have unspecified other
> impact via a crafted binary file, as demonstrated by mishandling of this
> file during "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9749):
> The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote
> attackers to cause a denial of service (buffer overflow and application
> crash) or possibly have unspecified other impact via a crafted binary file,
> as demonstrated by mishandling of this file during "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9746):
> The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows
> remote attackers to cause a denial of service (buffer overflow and
> application crash) or possibly have unspecified other impact via a crafted
> binary file, as demonstrated by mishandling of raw insns printing for this
> file during "objdump -D" execution.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-9743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9743):
> The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils
> 2.28 allows remote attackers to cause a denial of service (buffer overflow
> and application crash) or possibly have unspecified other impact via a
> crafted binary file, as demonstrated by mishandling of this file during
> "objdump -D" execution.

This one no one could reproduce, not even the original submitter. So probably invalid.

> CVE-2017-7227 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7227):
> GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer
> overflow while processing a bogus input script, leading to a program crash.
> This relates to lack of '\0' termination of a name field in ldlex.l.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-7225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7225):
> The find_nearest_line function in addr2line in GNU Binutils 2.28 does not
> handle the case where the main file name and the directory name are both
> empty, triggering a NULL pointer dereference and an invalid write, and
> leading to a program crash.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-7224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7224):
> The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable
> to an invalid write (of size 1) while disassembling a corrupt binary that
> contains an empty function name, leading to a program crash.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-7223 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7223):
> GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow
> (of size 1) while attempting to unget an EOF character from the input
> stream, potentially leading to a program crash.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-7210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7210):
> objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer
> over-reads (of size 1 and size 8) while handling corrupt STABS enum type
> strings in a crafted object file, leading to program crash.

Fixed in sys-devel/binutils-2.29.1-r1

> CVE-2017-7209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7209):
> The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses
> a NULL pointer while reading section contents in a corrupt binary, leading
> to a program crash.

Fixed in sys-devel/binutils-2.29.1-r1

All affected versions are masked. No further cleanup (toolchain package).

Nothing to do for toolchain here anymore. Please proceed.

Added to existing GLSA request.
Gentoo Security Padawan (Jmbailey/mbailey_j)

This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man).