| Summary: | <sys-devel/binutils-2.30 : Multiple Vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Francis Booth <boothf> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 651576, 655574 | | |
| Bug Blocks: | | | |

Description
Francis Booth
2017-11-16 03:19:18 UTC
@Maintainers please let us know when tree is clean from vulnerable versions. Thank you

(In reply to Francis Booth from comment #0)
> ## CVE-2017-16826
>
> The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> ## CVE-2017-16827
>
> The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> ## CVE-2017-16828
>
> The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

Fixed in upstream master
Patch does not apply trivially to gentoo/binutils-2.29.1 branch

> ## CVE-2017-16829
>
> The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> ## CVE-2017-16830
>
> The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> ## CVE-2017-16831
>
> coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

Fixed in upstream master
Patch does not apply trivially to gentoo/binutils-2.29.1 branch

> ## CVE-2017-16832
>
> The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

(In reply to Andreas K. Hüttel from comment #2)
> (In reply to Francis Booth from comment #0)
> > ## CVE-2017-16826
> >
> > The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
>
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> > ## CVE-2017-16827
> >
> > The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
>
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> > ## CVE-2017-16828
> >
> > The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
>
> Fixed in upstream master
> Patch does not apply trivially to gentoo/binutils-2.29.1 branch

Fixed in 2.30

> > ## CVE-2017-16829
> >
> > The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
>
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> > ## CVE-2017-16830
> >
> > The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
>
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> > ## CVE-2017-16831
> >
> > coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
>
> Fixed in upstream master
> Patch does not apply trivially to gentoo/binutils-2.29.1 branch

Fixed in 2.30

> > ## CVE-2017-16832
> >
> > The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
>
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

This issue was resolved and addressed in GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17 by GLSA coordinator Aaron Bauman (b-man).