| Summary: | <sys-devel/binutils-2.29.1-r1: Multiple Denial of Service Bugs | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Aleksandr Wagner (Kivak)
2017-10-28 15:37:04 UTC
(In reply to Aleksandr Wagner (Kivak) from comment #0) > CVE-2017-15938 > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938): > > dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as > distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in > the case of a relocatable object file, which allows remote attackers to > cause a denial of service (find_abstract_instance_name invalid memory read, > segmentation fault, and application crash). > > References: > > https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in- > find_abstract_instance_name-dwarf2-c/ > https://sourceware.org/bugzilla/show_bug.cgi?id=22209 > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git; > h=1b86808a86077722ee4f42ff97f836b12420bb2a Will be in 2.30; in master branch. Backport not trivial. > > CVE-2017-15023 > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023): > > read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) > library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly > validate the format count, which allows remote attackers to cause a denial > of service (NULL pointer dereference and application crash) via a crafted > ELF file, related to concat_filename. > > References: > > https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in- > concat_filename-dwarf2-c/ > https://sourceware.org/bugzilla/show_bug.cgi?id=22200 > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git; > h=c361faae8d964db951b7100cada4dcdc983df1bf Will be in 2.30; in master branch. Backported to gentoo/binutils-2.29 branch. > > CVE-2017-15939 > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939): > > dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as > distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line > file table, which allows remote attackers to cause a denial of service (NULL > pointer dereference and application crash) via a crafted ELF file, related > to concat_filename. NOTE: this issue is caused by an incomplete fix for > CVE-2017-15023. > > References: > > https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in- > concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/ > https://sourceware.org/bugzilla/show_bug.cgi?id=22205 > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git; > h=a54018b72d75abf2e74bf36016702da06399c1d9 Will be in 2.30; in master branch. Backported to gentoo/binutils-2.29 branch. All affected versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore. Please proceed. Added to existing GLSA request. Gentoo Security Padawan (Jmbailey/mbailey_j) This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man). |
